directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r896599 [14/30] - in /directory/apacheds/trunk: ./ avl-partition/ avl-partition/src/ avl-partition/src/main/ avl-partition/src/main/java/ avl-partition/src/main/java/org/ avl-partition/src/main/java/org/apache/ avl-partition/src/main/java/o...
Date Wed, 06 Jan 2010 18:27:19 GMT
Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java Wed Jan  6 18:26:43 2010
@@ -20,8 +20,6 @@
 package org.apache.directory.server.core.authz;
 
 
-import javax.naming.directory.SearchControls;
-
 import java.text.ParseException;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -30,11 +28,13 @@
 import java.util.List;
 import java.util.Set;
 
+import javax.naming.directory.SearchControls;
+
 import org.apache.directory.server.constants.ServerDNConstants;
 import org.apache.directory.server.core.CoreSession;
 import org.apache.directory.server.core.DefaultCoreSession;
 import org.apache.directory.server.core.DirectoryService;
-import org.apache.directory.server.core.authn.LdapPrincipal;
+import org.apache.directory.server.core.LdapPrincipal;
 import org.apache.directory.server.core.authz.support.ACDFEngine;
 import org.apache.directory.server.core.entry.ClonedServerEntry;
 import org.apache.directory.server.core.entry.ServerAttribute;
@@ -61,10 +61,6 @@
 import org.apache.directory.server.core.interceptor.context.SearchingOperationContext;
 import org.apache.directory.server.core.partition.ByPassConstants;
 import org.apache.directory.server.core.subtree.SubentryInterceptor;
-import org.apache.directory.server.schema.ConcreteNameComponentNormalizer;
-import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
-import org.apache.directory.server.schema.registries.OidRegistry;
-import org.apache.directory.server.schema.registries.Registries;
 import org.apache.directory.shared.ldap.aci.ACIItem;
 import org.apache.directory.shared.ldap.aci.ACIItemParser;
 import org.apache.directory.shared.ldap.aci.ACITuple;
@@ -79,6 +75,8 @@
 import org.apache.directory.shared.ldap.message.ResultCodeEnum;
 import org.apache.directory.shared.ldap.name.LdapDN;
 import org.apache.directory.shared.ldap.schema.AttributeType;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
+import org.apache.directory.shared.ldap.schema.normalizers.ConcreteNameComponentNormalizer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -97,7 +95,7 @@
     private static final Logger LOG = LoggerFactory.getLogger( AciAuthorizationInterceptor.class );
 
     /**
-     * the multivalued op attr used to track the perscriptive access control
+     * the multivalued op attr used to track the prescriptive access control
      * subentries that apply to an entry.
      */
     private static final String AC_SUBENTRY_ATTR = "accessControlSubentries";
@@ -167,13 +165,7 @@
     private InterceptorChain chain;
     
     /** Global registries */
-    private Registries registries;
-    
-    /** attribute type registry */
-    private AttributeTypeRegistry atRegistry;
-    
-    /** whether or not this interceptor is activated */
-    private boolean enabled;
+    private SchemaManager schemaManager;
     
     /** the system wide subschemaSubentryDn */
     private String subschemaSubentryDn;
@@ -203,36 +195,34 @@
         super.init( directoryService );
 
         LdapDN adminDn = new LdapDN( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
-        adminDn.normalize( directoryService.getRegistries().getAttributeTypeRegistry().getNormalizerMapping() );
+        adminDn.normalize( directoryService.getSchemaManager().getNormalizerMapping() );
         CoreSession adminSession = new DefaultCoreSession( 
             new LdapPrincipal( adminDn, AuthenticationLevel.STRONG ), directoryService );
 
         tupleCache = new TupleCache( adminSession );
         groupCache = new GroupCache( adminSession );
-        registries = directoryService.getRegistries();
-        atRegistry = registries.getAttributeTypeRegistry();
-        OidRegistry oidRegistry = registries.getOidRegistry();
+        schemaManager = directoryService.getSchemaManager();
+        //ocRegistry = registries.getObjectClassRegistry();
         
         // look up some constant information
-        String objectClassOid = oidRegistry.getOid( SchemaConstants.OBJECT_CLASS_AT );
-        subentryOid = oidRegistry.getOid( SchemaConstants.SUBENTRY_OC );
-        String acSubentryOid = oidRegistry.getOid( AC_SUBENTRY_ATTR );
-        objectClassType = atRegistry.lookup( objectClassOid );
-        acSubentryType = atRegistry.lookup( acSubentryOid );
-        entryAciType = atRegistry.lookup( SchemaConstants.ENTRY_ACI_AT_OID ); 
-        subentryAciType = atRegistry.lookup( SchemaConstants.SUBENTRY_ACI_AT_OID );
+        String objectClassOid = schemaManager.getAttributeTypeRegistry().getOidByName( SchemaConstants.OBJECT_CLASS_AT );
+        subentryOid = schemaManager.getObjectClassRegistry().getOidByName( SchemaConstants.SUBENTRY_OC );
+        String acSubentryOid = schemaManager.getAttributeTypeRegistry().getOidByName( AC_SUBENTRY_ATTR );
+        objectClassType = schemaManager.lookupAttributeTypeRegistry( objectClassOid );
+        acSubentryType = schemaManager.lookupAttributeTypeRegistry( acSubentryOid );
+        entryAciType = schemaManager.lookupAttributeTypeRegistry( SchemaConstants.ENTRY_ACI_AT_OID ); 
+        subentryAciType = schemaManager.lookupAttributeTypeRegistry( SchemaConstants.SUBENTRY_ACI_AT_OID );
         
-        aciParser = new ACIItemParser( new ConcreteNameComponentNormalizer( atRegistry, oidRegistry ), atRegistry.getNormalizerMapping() );
-        engine = new ACDFEngine( registries.getOidRegistry(), atRegistry );
+        aciParser = new ACIItemParser( new ConcreteNameComponentNormalizer( schemaManager ), schemaManager.getNormalizerMapping() );
+        engine = new ACDFEngine( schemaManager.getGlobalOidRegistry(), schemaManager );
         chain = directoryService.getInterceptorChain();
-        enabled = directoryService.isAccessControlEnabled();
 
         // stuff for dealing with subentries (garbage for now)
         Value<?> subschemaSubentry = 
             directoryService.getPartitionNexus().getRootDSE( null ).
                 get( SchemaConstants.SUBSCHEMA_SUBENTRY_AT ).get();
         LdapDN subschemaSubentryDnName = new LdapDN( subschemaSubentry.getString() );
-        subschemaSubentryDnName.normalize( atRegistry.getNormalizerMapping() );
+        subschemaSubentryDnName.normalize( schemaManager.getNormalizerMapping() );
         subschemaSubentryDn = subschemaSubentryDnName.toNormName();
     }
 
@@ -250,10 +240,10 @@
 
         if ( isTheAdministrator( dn ) )
         {
-            String msg = "User '" + principalDn.getUpName();
+            String msg = "User '" + principalDn.getName();
             msg += "' does not have permission to move or rename the admin";
             msg += " account.  No one not even the admin can del, move or";
-            msg += " rename " + dn.getUpName() + "!";
+            msg += " rename " + dn.getName() + "!";
             LOG.error( msg );
             throw new LdapNoPermissionException( msg );
         }
@@ -443,7 +433,7 @@
         LdapDN name = addContext.getDn();
 
         // bypass authz code if we are disabled
-        if ( !enabled )
+        if ( !addContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             next.add( addContext );
             return;
@@ -477,7 +467,7 @@
         addSubentryAciTuples( addContext, tuples, name, subentryAttrs );
 
         // check if entry scope permission is granted
-        engine.checkPermission( registries, addContext, userGroups, principalDn, principal.getAuthenticationLevel(), name, null, null,
+        engine.checkPermission( schemaManager, addContext, userGroups, principalDn, principal.getAuthenticationLevel(), name, null, null,
             ADD_PERMS, tuples, subentryAttrs, null );
 
         // now we must check if attribute type and value scope permission is granted
@@ -485,7 +475,7 @@
         {
             for ( Value<?> value:attribute )
             {
-                engine.checkPermission( registries, addContext, userGroups, principalDn, 
+                engine.checkPermission( schemaManager, addContext, userGroups, principalDn, 
                     principal.getAuthenticationLevel(), name, attribute.getUpId(), value, 
                     ADD_PERMS, tuples, serverEntry, null );
             }
@@ -515,7 +505,7 @@
         LdapDN principalDn = principal.getJndiName();
 
         // bypass authz code if we are disabled
-        if ( ! enabled )
+        if ( ! deleteContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             next.delete( deleteContext );
             return;
@@ -540,7 +530,7 @@
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( deleteContext, tuples, name, entry );
 
-        engine.checkPermission( registries, deleteContext, userGroups, principalDn, 
+        engine.checkPermission( schemaManager, deleteContext, userGroups, principalDn, 
             principal.getAuthenticationLevel(), name, null, null, REMOVE_PERMS, tuples, entry, null );
 
         next.delete( deleteContext );
@@ -560,7 +550,7 @@
         LdapDN principalDn = principal.getJndiName();
 
         // bypass authz code if we are disabled
-        if ( !enabled )
+        if ( !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             next.modify( opContext );
             return;
@@ -577,7 +567,7 @@
              */
             ServerEntry modifiedEntry = opContext.lookup( name, ByPassConstants.LOOKUP_BYPASS );
             tupleCache.subentryModified( name, mods, modifiedEntry );
-            groupCache.groupModified( name, mods, entry, registries );
+            groupCache.groupModified( name, mods, entry, schemaManager );
             return;
         }
 
@@ -587,7 +577,7 @@
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( opContext, tuples, name, entry );
 
-        engine.checkPermission( registries, opContext, userGroups, principalDn, 
+        engine.checkPermission( schemaManager, opContext, userGroups, principalDn, 
             principal.getAuthenticationLevel(), name, null, null, 
             Collections.singleton( MicroOperation.MODIFY ), tuples, entry, null );
 
@@ -607,7 +597,7 @@
                     if ( entry.get( attr.getId() ) == null )
                     {
                         // ... we also need to check if adding the attribute is permitted
-                        engine.checkPermission( registries, opContext, userGroups, principalDn, principal.getAuthenticationLevel(), name,
+                        engine.checkPermission( schemaManager, opContext, userGroups, principalDn, principal.getAuthenticationLevel(), name,
                                 attr.getId(), null, perms, tuples, entry, null );
                     }
                     
@@ -623,7 +613,7 @@
                         if ( entryAttr.size() == 1 )
                         {
                             // ... we also need to check if removing the attribute at all is permitted
-                            engine.checkPermission( registries, opContext, userGroups, principalDn, 
+                            engine.checkPermission( schemaManager, opContext, userGroups, principalDn, 
                                 principal.getAuthenticationLevel(), name, attr.getId(), 
                                 null, perms, tuples, entry, null );
                         }
@@ -649,11 +639,11 @@
              * not the individual Value Additions) we just handle this when the first value of an
              * attribute is being checked for relevant permissions below. 
              */
-            entryView = ServerEntryUtils.getTargetEntry( mod, entryView, registries );
+            entryView = ServerEntryUtils.getTargetEntry( mod, entryView, schemaManager );
             
             for ( Value<?> value:attr )
             {                
-                engine.checkPermission( registries, opContext, userGroups, principalDn, 
+                engine.checkPermission( schemaManager, opContext, userGroups, principalDn, 
                     principal.getAuthenticationLevel(), name, attr.getId(), value, 
                     perms, tuples, entry, entryView );
             }
@@ -667,14 +657,15 @@
          */
         ServerEntry modifiedEntry = opContext.lookup( name, ByPassConstants.LOOKUP_BYPASS );
         tupleCache.subentryModified( name, mods, modifiedEntry );
-        groupCache.groupModified( name, mods, entry, registries );
+        groupCache.groupModified( name, mods, entry, schemaManager );
     }
 
     
     public boolean hasEntry( NextInterceptor next, EntryOperationContext entryContext ) throws Exception
     {
         LdapDN name = entryContext.getDn();
-        if ( ! enabled )
+        
+        if ( ! entryContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             return name.size() == 0 || next.hasEntry( entryContext );
         }
@@ -705,7 +696,7 @@
         addSubentryAciTuples( entryContext, tuples, name, entry.getOriginalEntry() );
 
         // check that we have browse access to the entry
-        engine.checkPermission( registries, entryContext, userGroups, principalDn, 
+        engine.checkPermission( schemaManager, entryContext, userGroups, principalDn, 
             principal.getAuthenticationLevel(), name, null, null,
             BROWSE_PERMS, tuples, entry.getOriginalEntry(), null );
 
@@ -745,7 +736,7 @@
         addSubentryAciTuples( lookupContext, tuples, lookupContext.getDn(), entry );
 
         // check that we have read access to the entry
-        engine.checkPermission( registries, lookupContext, userGroups, userName, principal.getAuthenticationLevel(), 
+        engine.checkPermission( schemaManager, lookupContext, userGroups, userName, principal.getAuthenticationLevel(), 
             lookupContext.getDn(), null, null,
             LOOKUP_PERMS, tuples, entry, null );
 
@@ -756,7 +747,7 @@
             for ( Value<?> value:attribute )
             {
                 engine.checkPermission( 
-                    registries, 
+                    schemaManager, 
                     lookupContext, 
                     userGroups, 
                     userName, 
@@ -780,10 +771,10 @@
         
         if ( !principalDn.isNormalized() )
         {
-            principalDn.normalize( atRegistry.getNormalizerMapping() );
+            principalDn.normalize( schemaManager.getNormalizerMapping() );
         }
         
-        if ( isPrincipalAnAdministrator( principalDn ) || !enabled )
+        if ( isPrincipalAnAdministrator( principalDn ) || !lookupContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             return next.lookup( lookupContext );
         }
@@ -799,51 +790,52 @@
     
     public void rename( NextInterceptor next, RenameOperationContext renameContext ) throws Exception
     {
-        LdapDN name = renameContext.getDn();
-
-        ClonedServerEntry entry = renameContext.lookup( name, ByPassConstants.LOOKUP_BYPASS );
+        LdapDN oldName = renameContext.getDn();
+        ServerEntry originalEntry = null;
+        
+        if ( renameContext.getEntry() != null )
+        {
+            originalEntry = renameContext.getEntry().getOriginalEntry();
+        }
         
         LdapPrincipal principal = renameContext.getSession().getEffectivePrincipal();
         LdapDN principalDn = principal.getJndiName();
-        LdapDN newName = ( LdapDN ) name.clone();
-        newName.remove( name.size() - 1 );
-
-        newName.add( renameContext.getNewRdn() );
+        LdapDN newName = renameContext.getNewDn();
 
         // bypass authz code if we are disabled
-        if ( !enabled )
+        if ( !renameContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             next.rename( renameContext );
             return;
         }
 
-        protectCriticalEntries( name );
+        protectCriticalEntries( oldName );
 
         // bypass authz code but manage caches if operation is performed by the admin
         if ( isPrincipalAnAdministrator( principalDn ) )
         {
             next.rename( renameContext );
-            tupleCache.subentryRenamed( name, newName );
+            tupleCache.subentryRenamed( oldName, newName );
             
             // TODO : this method returns a boolean : what should we do with the result ?
-            groupCache.groupRenamed( name, newName );
+            groupCache.groupRenamed( oldName, newName );
 
             return;
         }
 
         Set<LdapDN> userGroups = groupCache.getGroups( principalDn.toString() );
         Collection<ACITuple> tuples = new HashSet<ACITuple>();
-        addPerscriptiveAciTuples( renameContext, tuples, name, entry.getOriginalEntry() );
-        addEntryAciTuples( tuples, entry );
-        addSubentryAciTuples( renameContext, tuples, name, entry );
-
-        engine.checkPermission( registries, renameContext, userGroups, principalDn, 
-            principal.getAuthenticationLevel(), name, null, null,
-            RENAME_PERMS, tuples, entry, null );
+        addPerscriptiveAciTuples( renameContext, tuples, oldName, originalEntry );
+        addEntryAciTuples( tuples, originalEntry );
+        addSubentryAciTuples( renameContext, tuples, oldName, originalEntry );
+
+        engine.checkPermission( schemaManager, renameContext, userGroups, principalDn, 
+            principal.getAuthenticationLevel(), oldName, null, null,
+            RENAME_PERMS, tuples, originalEntry, null );
 
         next.rename( renameContext );
-        tupleCache.subentryRenamed( name, newName );
-        groupCache.groupRenamed( name, newName );
+        tupleCache.subentryRenamed( oldName, newName );
+        groupCache.groupRenamed( oldName, newName );
     }
 
 
@@ -861,7 +853,7 @@
         newName.add( moveAndRenameContext.getNewRdn().getUpName() );
 
         // bypass authz code if we are disabled
-        if ( !enabled )
+        if ( !moveAndRenameContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             next.moveAndRename( moveAndRenameContext );
             return;
@@ -884,7 +876,7 @@
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( moveAndRenameContext, tuples, oriChildName, entry );
 
-        engine.checkPermission( registries, moveAndRenameContext, userGroups, 
+        engine.checkPermission( schemaManager, moveAndRenameContext, userGroups, 
             principalDn, principal.getAuthenticationLevel(), oriChildName, null,
             null, MOVERENAME_PERMS, tuples, entry, null );
 
@@ -915,7 +907,7 @@
         addPerscriptiveAciTuples( moveAndRenameContext, destTuples, newName, subentryAttrs );
         // Evaluate the target context to see whether it
         // allows an entry named newName to be imported as a subordinate.
-        engine.checkPermission( registries, moveAndRenameContext, userGroups, principalDn, 
+        engine.checkPermission( schemaManager, moveAndRenameContext, userGroups, principalDn, 
             principal.getAuthenticationLevel(), newName, null,
             null, IMPORT_PERMS, destTuples, subentryAttrs, null );
 
@@ -940,7 +932,7 @@
         LdapDN principalDn = principal.getJndiName();
 
         // bypass authz code if we are disabled
-        if ( !enabled )
+        if ( !moveContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             next.move( moveContext );
             return;
@@ -963,7 +955,7 @@
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( moveContext, tuples, oriChildName, entry );
 
-        engine.checkPermission( registries, moveContext, userGroups, principalDn, 
+        engine.checkPermission( schemaManager, moveContext, userGroups, principalDn, 
             principal.getAuthenticationLevel(), oriChildName, null,
             null, EXPORT_PERMS, tuples, entry, null );
         
@@ -994,7 +986,7 @@
         addPerscriptiveAciTuples( moveContext, destTuples, newName, subentryAttrs );
         // Evaluate the target context to see whether it
         // allows an entry named newName to be imported as a subordinate.
-        engine.checkPermission( registries, moveContext, userGroups, principalDn, 
+        engine.checkPermission( schemaManager, moveContext, userGroups, principalDn, 
             principal.getAuthenticationLevel(), newName, null,
             null, IMPORT_PERMS, destTuples, subentryAttrs, null );
 
@@ -1009,7 +1001,7 @@
         LdapPrincipal user = opContext.getSession().getEffectivePrincipal();
         EntryFilteringCursor cursor = next.list( opContext );
         
-        if ( isPrincipalAnAdministrator( user.getJndiName() ) || !enabled )
+        if ( isPrincipalAnAdministrator( user.getJndiName() ) || !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             return cursor;
         }
@@ -1030,7 +1022,7 @@
         SearchControls searchCtls = opContext.getSearchControls();
         boolean isRootDSELookup = opContext.getDn().size() == 0 && searchCtls.getSearchScope() == SearchControls.OBJECT_SCOPE;
 
-        if ( isPrincipalAnAdministrator( principalDn ) || !enabled || isRootDSELookup || isSubschemaSubentryLookup )
+        if ( isPrincipalAnAdministrator( principalDn ) || !opContext.getSession().getDirectoryService().isAccessControlEnabled() || isRootDSELookup || isSubschemaSubentryLookup )
         {
             return cursor;
         }
@@ -1057,7 +1049,7 @@
         LdapPrincipal principal = opContext.getSession().getEffectivePrincipal();
         LdapDN principalDn = principal.getJndiName();
 
-        if ( isPrincipalAnAdministrator( principalDn ) || !enabled )
+        if ( isPrincipalAnAdministrator( principalDn ) || !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             return next.compare( opContext );
         }
@@ -1068,10 +1060,10 @@
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( opContext, tuples, name, entry );
 
-        engine.checkPermission( registries, opContext, userGroups, principalDn, 
+        engine.checkPermission( schemaManager, opContext, userGroups, principalDn, 
             principal.getAuthenticationLevel(), name, null, null,
             READ_PERMS, tuples, entry, null );
-        engine.checkPermission( registries, opContext, userGroups, principalDn, 
+        engine.checkPermission( schemaManager, opContext, userGroups, principalDn, 
             principal.getAuthenticationLevel(), name, oid, value,
             COMPARE_PERMS, tuples, entry, null );
 
@@ -1085,7 +1077,7 @@
         LdapPrincipal principal = opContext.getSession().getEffectivePrincipal();
         LdapDN principalDn = principal.getJndiName();
         
-        if ( isPrincipalAnAdministrator( principalDn ) || !enabled )
+        if ( isPrincipalAnAdministrator( principalDn ) || !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             return next.getMatchedName( opContext );
         }
@@ -1107,7 +1099,7 @@
             addEntryAciTuples( tuples, entry );
             addSubentryAciTuples( opContext, tuples, matched, entry );
 
-            if ( engine.hasPermission( registries, opContext, userGroups, principalDn, 
+            if ( engine.hasPermission( schemaManager, opContext, userGroups, principalDn, 
                 principal.getAuthenticationLevel(), matched, null,
                 null, MATCHEDNAME_PERMS, tuples, entry, null ) )
             {
@@ -1145,7 +1137,7 @@
         addSubentryAciTuples( opContext, tuples, normName, clonedEntry.getOriginalEntry() );
 
         if ( !engine.hasPermission( 
-                        registries, 
+                        schemaManager, 
                         opContext, 
                         userGroups, 
                         userDn, 
@@ -1177,7 +1169,7 @@
             EntryAttribute attr = clonedEntry.get( attributeType );
         
             if ( !engine.hasPermission( 
-                        registries, 
+                        schemaManager, 
                         opContext, 
                         userGroups, 
                         userDn,
@@ -1201,7 +1193,7 @@
             for ( Value<?> value:attr )
             {
                 if ( !engine.hasPermission( 
-                        registries, 
+                        schemaManager, 
                         opContext, 
                         userGroups, 
                         userDn, 
@@ -1246,7 +1238,7 @@
         public boolean accept( SearchingOperationContext operationContext, ClonedServerEntry entry ) 
             throws Exception
         {
-            LdapDN normName = entry.getDn().normalize( atRegistry.getNormalizerMapping() );
+            LdapDN normName = entry.getDn().normalize( schemaManager.getNormalizerMapping() );
             return filter( operationContext, normName, entry );
         }
     }

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java Wed Jan  6 18:26:43 2010
@@ -20,17 +20,16 @@
 package org.apache.directory.server.core.authz;
 
 
-import javax.naming.NoPermissionException;
-
 import java.util.HashSet;
-import java.util.Map;
 import java.util.Set;
 
+import javax.naming.NoPermissionException;
+
 import org.apache.directory.server.constants.ServerDNConstants;
 import org.apache.directory.server.core.CoreSession;
 import org.apache.directory.server.core.DefaultCoreSession;
 import org.apache.directory.server.core.DirectoryService;
-import org.apache.directory.server.core.authn.LdapPrincipal;
+import org.apache.directory.server.core.LdapPrincipal;
 import org.apache.directory.server.core.entry.ClonedServerEntry;
 import org.apache.directory.server.core.entry.ServerEntry;
 import org.apache.directory.server.core.filtering.EntryFilter;
@@ -48,8 +47,8 @@
 import org.apache.directory.server.core.interceptor.context.RenameOperationContext;
 import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
 import org.apache.directory.server.core.interceptor.context.SearchingOperationContext;
+import org.apache.directory.server.core.partition.DefaultPartitionNexus;
 import org.apache.directory.server.core.partition.PartitionNexus;
-import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
 import org.apache.directory.shared.ldap.constants.SchemaConstants;
 import org.apache.directory.shared.ldap.entry.EntryAttribute;
@@ -57,13 +56,13 @@
 import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
 import org.apache.directory.shared.ldap.name.LdapDN;
 import org.apache.directory.shared.ldap.schema.AttributeType;
-import org.apache.directory.shared.ldap.schema.normalizers.OidNormalizer;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 
 /**
- * An {@link Interceptor} that controls access to {@link PartitionNexus}.
+ * An {@link Interceptor} that controls access to {@link DefaultPartitionNexus}.
  * If a user tries to perform any operations that requires
  * permission he or she doesn't have, {@link NoPermissionException} will be
  * thrown and therefore the current invocation chain will terminate.
@@ -93,16 +92,8 @@
      */
     private static LdapDN ADMIN_GROUP_DN;
 
-    /**
-     * the name parser used by this service
-     */
-    private boolean enabled = true;
-    
     private Set<String> administrators = new HashSet<String>(2);
     
-    /** The normalizer mapping containing a relation between an OID and a normalizer */
-    private Map<String, OidNormalizer> normalizerMapping;
-    
     private PartitionNexus nexus;
 
     /** A starage for the uniqueMember attributeType */
@@ -121,23 +112,18 @@
     public void init( DirectoryService directoryService ) throws Exception
     {
         nexus = directoryService.getPartitionNexus();
-        normalizerMapping = directoryService.getRegistries().getAttributeTypeRegistry().getNormalizerMapping();
+        SchemaManager schemaManager = directoryService.getSchemaManager();
 
-        // disable this static module if basic access control mechanisms are enabled
-        enabled = ! directoryService.isAccessControlEnabled();
+        USER_BASE_DN = new LdapDN( ServerDNConstants.ADMIN_SYSTEM_DN );
+        USER_BASE_DN.normalize( schemaManager.getNormalizerMapping() );
         
-        USER_BASE_DN = PartitionNexus.getUsersBaseName();
-        USER_BASE_DN.normalize( normalizerMapping );
-        
-        GROUP_BASE_DN = PartitionNexus.getGroupsBaseName();
-        GROUP_BASE_DN.normalize( normalizerMapping );
+        GROUP_BASE_DN = new LdapDN( ServerDNConstants.GROUPS_SYSTEM_DN );
+        GROUP_BASE_DN.normalize( schemaManager.getNormalizerMapping() );
      
         ADMIN_GROUP_DN = new LdapDN( ServerDNConstants.ADMINISTRATORS_GROUP_DN );
-        ADMIN_GROUP_DN.normalize( normalizerMapping );
+        ADMIN_GROUP_DN.normalize( schemaManager.getNormalizerMapping() );
 
-        AttributeTypeRegistry attrRegistry = directoryService.getRegistries().getAttributeTypeRegistry();
-        
-        uniqueMemberAT = attrRegistry.lookup( SchemaConstants.UNIQUE_MEMBER_AT_OID );
+        uniqueMemberAT = schemaManager.lookupAttributeTypeRegistry( SchemaConstants.UNIQUE_MEMBER_AT_OID );
         
         loadAdministrators( directoryService );
     }
@@ -148,7 +134,7 @@
         // read in the administrators and cache their normalized names
         Set<String> newAdministrators = new HashSet<String>( 2 );
         LdapDN adminDn = new LdapDN( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
-        adminDn.normalize( directoryService.getRegistries().getAttributeTypeRegistry().getNormalizerMapping() );
+        adminDn.normalize( directoryService.getSchemaManager().getNormalizerMapping() );
         CoreSession adminSession = new DefaultCoreSession( 
             new LdapPrincipal( adminDn, AuthenticationLevel.STRONG ), directoryService );
 
@@ -164,7 +150,7 @@
         for ( Value<?> value:uniqueMember )
         {
             LdapDN memberDn = new LdapDN( value.getString() );
-            memberDn.normalize( normalizerMapping );
+            memberDn.normalize( directoryService.getSchemaManager().getNormalizerMapping() );
             newAdministrators.add( memberDn.getNormName() );
         }
         
@@ -180,7 +166,7 @@
     {
         LdapDN name = opContext.getDn();
         
-        if ( !enabled )
+        if ( opContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             nextInterceptor.delete( opContext );
             return;
@@ -204,7 +190,7 @@
 
         if ( isTheAdministrator( name ) )
         {
-            String msg = "User " + principalDn.getUpName();
+            String msg = "User " + principalDn.getName();
             msg += " does not have permission to delete the admin account.";
             msg += " No one not even the admin can delete this account!";
             LOG.error( msg );
@@ -217,18 +203,18 @@
             {
                 if ( name.startsWith( USER_BASE_DN ) )
                 {
-                    String msg = "User " + principalDn.getUpName();
+                    String msg = "User " + principalDn.getName();
                     msg += " does not have permission to delete the user account: ";
-                    msg += name.getUpName() + ". Only the admin can delete user accounts.";
+                    msg += name.getName() + ". Only the admin can delete user accounts.";
                     LOG.error( msg );
                     throw new LdapNoPermissionException( msg );
                 }
         
                 if ( name.startsWith( GROUP_BASE_DN ) )
                 {
-                    String msg = "User " + principalDn.getUpName();
+                    String msg = "User " + principalDn.getName();
                     msg += " does not have permission to delete the group entry: ";
-                    msg += name.getUpName() + ". Only the admin can delete groups.";
+                    msg += name.getName() + ". Only the admin can delete groups.";
                     LOG.error( msg );
                     throw new LdapNoPermissionException( msg );
                 }
@@ -265,7 +251,7 @@
     public void modify( NextInterceptor nextInterceptor, ModifyOperationContext opContext )
         throws Exception
     {
-        if ( enabled )
+        if ( !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             LdapDN dn = opContext.getDn();
             
@@ -306,7 +292,7 @@
             
             if ( dn.getNormName().equals( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED ) )
             {
-                String msg = "User " + principalDn.getUpName();
+                String msg = "User " + principalDn.getName();
                 msg += " does not have permission to modify the account of the";
                 msg += " admin user.";
                 LOG.error( msg );
@@ -317,9 +303,9 @@
                 {
                 if ( dn.startsWith( USER_BASE_DN ) )
                 {
-                    String msg = "User " + principalDn.getUpName();
+                    String msg = "User " + principalDn.getName();
                     msg += " does not have permission to modify the account of the";
-                    msg += " user " + dn.getUpName() + ".\nEven the owner of an account cannot";
+                    msg += " user " + dn.getName() + ".\nEven the owner of an account cannot";
                     msg += " modify it.\nUser accounts can only be modified by the";
                     msg += " administrator.";
                     LOG.error( msg );
@@ -328,9 +314,9 @@
     
                 if ( dn.startsWith( GROUP_BASE_DN ) )
                 {
-                    String msg = "User " + principalDn.getUpName();
+                    String msg = "User " + principalDn.getName();
                     msg += " does not have permission to modify the group entry ";
-                    msg += dn.getUpName() + ".\nGroups can only be modified by the admin.";
+                    msg += dn.getName() + ".\nGroups can only be modified by the admin.";
                     LOG.error( msg );
                     throw new LdapNoPermissionException( msg );
                 }
@@ -351,7 +337,7 @@
     public void rename( NextInterceptor nextInterceptor, RenameOperationContext opContext )
         throws Exception
     {
-        if ( enabled )
+        if ( !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             protectDnAlterations( opContext.getDn() );
         }
@@ -362,7 +348,7 @@
 
     public void move( NextInterceptor nextInterceptor, MoveOperationContext opContext ) throws Exception
     {
-        if ( enabled )
+        if ( !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             protectDnAlterations( opContext.getDn() );
         }
@@ -373,7 +359,7 @@
 
     public void moveAndRename( NextInterceptor nextInterceptor, MoveAndRenameOperationContext opContext ) throws Exception
     {
-        if ( enabled )
+        if ( !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             protectDnAlterations( opContext.getDn() );
         }
@@ -402,19 +388,19 @@
         
         if ( isTheAdministrator( dn ) )
         {
-            String msg = "User '" + principalDn.getUpName();
+            String msg = "User '" + principalDn.getName();
             msg += "' does not have permission to move or rename the admin";
             msg += " account.  No one not even the admin can move or";
-            msg += " rename " + dn.getUpName() + "!";
+            msg += " rename " + dn.getName() + "!";
             LOG.error( msg );
             throw new LdapNoPermissionException( msg );
         }
 
         if ( dn.size() > 2 && dn.startsWith( USER_BASE_DN ) && !isAnAdministrator( principalDn ) )
         {
-            String msg = "User '" + principalDn.getUpName();
+            String msg = "User '" + principalDn.getName();
             msg += "' does not have permission to move or rename the user";
-            msg += " account: " + dn.getUpName() + ". Only the admin can move or";
+            msg += " account: " + dn.getName() + ". Only the admin can move or";
             msg += " rename user accounts.";
             LOG.error( msg );
             throw new LdapNoPermissionException( msg );
@@ -422,9 +408,9 @@
 
         if ( dn.size() > 2 && dn.startsWith( GROUP_BASE_DN ) && !isAnAdministrator( principalDn ) )
         {
-            String msg = "User " + principalDn.getUpName();
+            String msg = "User " + principalDn.getName();
             msg += " does not have permission to move or rename the group entry ";
-            msg += dn.getUpName() + ".\nGroups can only be moved or renamed by the admin.";
+            msg += dn.getName() + ".\nGroups can only be moved or renamed by the admin.";
             throw new LdapNoPermissionException( msg );
         }
     }
@@ -434,7 +420,7 @@
     {
         ClonedServerEntry serverEntry = nextInterceptor.lookup( opContext );
         
-        if ( !enabled || ( serverEntry == null ) )
+        if ( opContext.getSession().getDirectoryService().isAccessControlEnabled() || ( serverEntry == null ) )
         {
             return serverEntry;
         }
@@ -458,8 +444,8 @@
                         return;
                     }
     
-                    String msg = "Access to user account '" + normalizedDn.getUpName() + "' not permitted";
-                    msg += " for user '" + principalDn.getUpName() + "'.  Only the admin can";
+                    String msg = "Access to user account '" + normalizedDn.getName() + "' not permitted";
+                    msg += " for user '" + principalDn.getName() + "'.  Only the admin can";
                     msg += " access user account information";
                     LOG.error( msg );
                     throw new LdapNoPermissionException( msg );
@@ -473,8 +459,8 @@
                         return;
                     }
     
-                    String msg = "Access to group '" + normalizedDn.getUpName() + "' not permitted";
-                    msg += " for user '" + principalDn.getUpName() + "'.  Only the admin can";
+                    String msg = "Access to group '" + normalizedDn.getName() + "' not permitted";
+                    msg += " for user '" + principalDn.getName() + "'.  Only the admin can";
                     msg += " access group information";
                     LOG.error( msg );
                     throw new LdapNoPermissionException( msg );
@@ -490,7 +476,7 @@
                 }
 
                 String msg = "Access to admin account not permitted for user '";
-                msg += principalDn.getUpName() + "'.  Only the admin can";
+                msg += principalDn.getName() + "'.  Only the admin can";
                 msg += " access admin account information";
                 LOG.error( msg );
                 throw new LdapNoPermissionException( msg );
@@ -503,7 +489,7 @@
     {
         EntryFilteringCursor cursor = nextInterceptor.search( opContext );
 
-        if ( !enabled )
+        if ( opContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             return cursor;
         }
@@ -522,7 +508,7 @@
     {
         EntryFilteringCursor cursor = nextInterceptor.list( opContext );
         
-        if ( !enabled )
+        if ( opContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             return cursor;
         }
@@ -545,7 +531,7 @@
         
         if ( !dn.isNormalized() )
         {
-            dn.normalize( normalizerMapping );
+            dn.normalize( opContext.getSession().getDirectoryService().getSchemaManager().getNormalizerMapping() );
         }
 
         // Admin users gets full access to all entries

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/GroupCache.java Wed Jan  6 18:26:43 2010
@@ -20,15 +20,15 @@
 package org.apache.directory.server.core.authz;
 
 
-import javax.naming.directory.SearchControls;
-import javax.naming.NamingException;
-
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import javax.naming.NamingException;
+import javax.naming.directory.SearchControls;
+
 import org.apache.directory.server.constants.ServerDNConstants;
 import org.apache.directory.server.core.CoreSession;
 import org.apache.directory.server.core.entry.ServerAttribute;
@@ -36,8 +36,6 @@
 import org.apache.directory.server.core.filtering.EntryFilteringCursor;
 import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
 import org.apache.directory.server.core.partition.PartitionNexus;
-import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
-import org.apache.directory.server.schema.registries.Registries;
 import org.apache.directory.shared.ldap.constants.SchemaConstants;
 import org.apache.directory.shared.ldap.entry.EntryAttribute;
 import org.apache.directory.shared.ldap.entry.Modification;
@@ -50,6 +48,7 @@
 import org.apache.directory.shared.ldap.message.AliasDerefMode;
 import org.apache.directory.shared.ldap.name.LdapDN;
 import org.apache.directory.shared.ldap.schema.AttributeType;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
 import org.apache.directory.shared.ldap.schema.normalizers.OidNormalizer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -100,13 +99,11 @@
      */
     public GroupCache( CoreSession session ) throws Exception
     {
-        normalizerMap = session.getDirectoryService().getRegistries().getAttributeTypeRegistry().getNormalizerMapping();
+        SchemaManager schemaManager = session.getDirectoryService().getSchemaManager();
+        normalizerMap = schemaManager.getNormalizerMapping();
         nexus = session.getDirectoryService().getPartitionNexus();
-        AttributeTypeRegistry attributeTypeRegistry = session.getDirectoryService()
-            .getRegistries().getAttributeTypeRegistry();
-
-        memberAT = attributeTypeRegistry.lookup( SchemaConstants.MEMBER_AT_OID );
-        uniqueMemberAT = attributeTypeRegistry.lookup( SchemaConstants.UNIQUE_MEMBER_AT_OID );
+        memberAT = schemaManager.lookupAttributeTypeRegistry( SchemaConstants.MEMBER_AT_OID );
+        uniqueMemberAT = schemaManager.lookupAttributeTypeRegistry( SchemaConstants.UNIQUE_MEMBER_AT_OID );
 
         // stuff for dealing with the admin group
         administratorsGroupDn = parseNormalized( ServerDNConstants.ADMINISTRATORS_GROUP_DN );
@@ -138,7 +135,7 @@
 
         for ( String suffix:suffixes )
         {
-            LdapDN baseDn = new LdapDN( suffix );
+            LdapDN baseDn = new LdapDN( suffix ).normalize( normalizerMap );
             SearchControls ctls = new SearchControls();
             ctls.setSearchScope( SearchControls.SUBTREE_SCOPE );
             
@@ -160,7 +157,7 @@
                 }
                 else
                 {
-                    LOG.warn( "Found group '{}' without any member or uniqueMember attributes", groupDn.getUpName() );
+                    LOG.warn( "Found group '{}' without any member or uniqueMember attributes", groupDn.getName() );
                 }
             }
 
@@ -299,7 +296,7 @@
 
         if ( IS_DEBUG )
         {
-            LOG.debug( "group cache contents after adding '{}' :\n {}", name.getUpName(), groups );
+            LOG.debug( "group cache contents after adding '{}' :\n {}", name.getName(), groups );
         }
     }
 
@@ -324,7 +321,7 @@
 
         if ( IS_DEBUG )
         {
-            LOG.debug( "group cache contents after deleting '{}' :\n {}", name.getUpName(), groups );
+            LOG.debug( "group cache contents after deleting '{}' :\n {}", name.getName(), groups );
         }
     }
 
@@ -376,7 +373,7 @@
      * @param entry the group entry being modified
      * @throws NamingException if there are problems accessing attribute  values
      */
-    public void groupModified( LdapDN name, List<Modification> mods, ServerEntry entry, Registries registries )
+    public void groupModified( LdapDN name, List<Modification> mods, ServerEntry entry, SchemaManager schemaManager )
         throws NamingException
     {
         EntryAttribute members = null;
@@ -417,7 +414,7 @@
 
         if ( IS_DEBUG )
         {
-            LOG.debug( "group cache contents after modifying '{}' :\n {}", name.getUpName(), groups );
+            LOG.debug( "group cache contents after modifying '{}' :\n {}", name.getName(), groups );
         }
     }
 
@@ -449,7 +446,7 @@
 
         if ( IS_DEBUG )
         {
-            LOG.debug( "group cache contents after modifying '{}' :\n {}", name.getUpName(), groups );
+            LOG.debug( "group cache contents after modifying '{}' :\n {}", name.getName(), groups );
         }
     }
 
@@ -546,7 +543,7 @@
 
             if ( IS_DEBUG )
             {
-                LOG.debug( "group cache contents after renaming '{}' :\n{}", oldName.getUpName(), groups );
+                LOG.debug( "group cache contents after renaming '{}' :\n{}", oldName.getName(), groups );
             }
 
             return true;

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/TupleCache.java Wed Jan  6 18:26:43 2010
@@ -20,15 +20,23 @@
 package org.apache.directory.server.core.authz;
 
 
+import java.text.ParseException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.naming.NamingException;
+import javax.naming.directory.SearchControls;
+
 import org.apache.directory.server.core.CoreSession;
 import org.apache.directory.server.core.entry.ServerAttribute;
 import org.apache.directory.server.core.entry.ServerEntry;
 import org.apache.directory.server.core.filtering.EntryFilteringCursor;
 import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
 import org.apache.directory.server.core.partition.PartitionNexus;
-import org.apache.directory.server.schema.ConcreteNameComponentNormalizer;
-import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
-import org.apache.directory.server.schema.registries.OidRegistry;
 import org.apache.directory.shared.ldap.aci.ACIItem;
 import org.apache.directory.shared.ldap.aci.ACIItemParser;
 import org.apache.directory.shared.ldap.aci.ACITuple;
@@ -45,20 +53,11 @@
 import org.apache.directory.shared.ldap.name.LdapDN;
 import org.apache.directory.shared.ldap.name.NameComponentNormalizer;
 import org.apache.directory.shared.ldap.schema.AttributeType;
-import org.apache.directory.shared.ldap.schema.normalizers.OidNormalizer;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
+import org.apache.directory.shared.ldap.schema.normalizers.ConcreteNameComponentNormalizer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.naming.NamingException;
-import javax.naming.directory.SearchControls;
-import java.text.ParseException;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
 
 /**
  * A cache for tuple sets which responds to specific events to perform
@@ -82,14 +81,9 @@
     /** a normalizing ACIItem parser */
     private final ACIItemParser aciParser;
 
-    /** A starage for the PrescriptiveACI attributeType */
+    /** A storage for the PrescriptiveACI attributeType */
     private AttributeType prescriptiveAciAT;
 
-    /**
-     * The OIDs normalizer map
-     */
-    private Map<String, OidNormalizer> normalizerMap;
-
 
     /**
      * Creates a ACITuple cache.
@@ -99,23 +93,19 @@
      */
     public TupleCache( CoreSession session ) throws Exception
     {
-        normalizerMap = session.getDirectoryService().getRegistries()
-            .getAttributeTypeRegistry().getNormalizerMapping();
+        SchemaManager schemaManager = session.getDirectoryService().getSchemaManager();
         this.nexus = session.getDirectoryService().getPartitionNexus();
-        AttributeTypeRegistry attributeTypeRegistry = session.getDirectoryService()
-            .getRegistries().getAttributeTypeRegistry();
-        OidRegistry oidRegistry = session.getDirectoryService().getRegistries().getOidRegistry();
-        NameComponentNormalizer ncn = new ConcreteNameComponentNormalizer( attributeTypeRegistry, oidRegistry );
-        aciParser = new ACIItemParser( ncn, normalizerMap );
-        prescriptiveAciAT = attributeTypeRegistry.lookup( SchemaConstants.PRESCRIPTIVE_ACI_AT );
+        NameComponentNormalizer ncn = new ConcreteNameComponentNormalizer( schemaManager );
+        aciParser = new ACIItemParser( ncn, schemaManager.getNormalizerMapping() );
+        prescriptiveAciAT = schemaManager.lookupAttributeTypeRegistry( SchemaConstants.PRESCRIPTIVE_ACI_AT );
         initialize( session );
     }
 
 
-    private LdapDN parseNormalized( String name ) throws NamingException
+    private LdapDN parseNormalized( SchemaManager schemaManager, String name ) throws NamingException
     {
         LdapDN dn = new LdapDN( name );
-        dn.normalize( normalizerMap );
+        dn.normalize( schemaManager.getNormalizerMapping() );
         return dn;
     }
 
@@ -129,7 +119,7 @@
 
         for ( String suffix:suffixes )
         {
-            LdapDN baseDn = parseNormalized( suffix );
+            LdapDN baseDn = parseNormalized( session.getDirectoryService().getSchemaManager(), suffix );
             ExprNode filter = new EqualityNode<String>( SchemaConstants.OBJECT_CLASS_AT, 
                 new ClientStringValue( SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC ) );
             SearchControls ctls = new SearchControls();
@@ -140,7 +130,8 @@
             while ( results.next() )
             {
                 ServerEntry result = results.get();
-                LdapDN subentryDn = result.getDn().normalize( normalizerMap );
+                LdapDN subentryDn = result.getDn().normalize( session.getDirectoryService().getSchemaManager().
+                        getNormalizerMapping() );
                 EntryAttribute aci = result.get( prescriptiveAciAT );
 
                 if ( aci == null )

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java Wed Jan  6 18:26:43 2010
@@ -43,15 +43,14 @@
 import org.apache.directory.server.core.subtree.SubentryInterceptor;
 import org.apache.directory.server.core.subtree.SubtreeEvaluator;
 import org.apache.directory.server.core.trigger.TriggerInterceptor;
-import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
-import org.apache.directory.server.schema.registries.OidRegistry;
-import org.apache.directory.server.schema.registries.Registries;
 import org.apache.directory.shared.ldap.aci.ACITuple;
 import org.apache.directory.shared.ldap.aci.MicroOperation;
 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
 import org.apache.directory.shared.ldap.entry.Value;
 import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
 import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
+import org.apache.directory.shared.ldap.schema.registries.OidRegistry;
 
 
 /**
@@ -90,15 +89,15 @@
      * 
      * @throws NamingException if failed to initialize internal components
      */
-    public ACDFEngine( OidRegistry oidRegistry, AttributeTypeRegistry attrTypeRegistry ) throws NamingException
+    public ACDFEngine( OidRegistry oidRegistry, SchemaManager schemaManager ) throws NamingException
     {
-        Evaluator entryEvaluator = new ExpressionEvaluator( oidRegistry, attrTypeRegistry );
-        SubtreeEvaluator subtreeEvaluator = new SubtreeEvaluator( oidRegistry, attrTypeRegistry );
+        Evaluator entryEvaluator = new ExpressionEvaluator( oidRegistry, schemaManager );
+        SubtreeEvaluator subtreeEvaluator = new SubtreeEvaluator( oidRegistry, schemaManager );
         RefinementEvaluator refinementEvaluator = new RefinementEvaluator( new RefinementLeafEvaluator( oidRegistry ) );
 
         filters = new ACITupleFilter[] {
             new RelatedUserClassFilter( subtreeEvaluator ),
-            new RelatedProtectedItemFilter( refinementEvaluator, entryEvaluator, oidRegistry, attrTypeRegistry ),
+            new RelatedProtectedItemFilter( refinementEvaluator, entryEvaluator, oidRegistry, schemaManager ),
             new MaxValueCountFilter(),
             new MaxImmSubFilter(),
             new RestrictedByFilter(),
@@ -128,7 +127,7 @@
      * @throws NamingException if failed to evaluate ACI items
      */
     public void checkPermission( 
-        Registries registries, 
+        SchemaManager schemaManager, 
         OperationContext opContext, 
         Collection<LdapDN> userGroupNames, 
         LdapDN username,
@@ -141,7 +140,7 @@
         ServerEntry entry, 
         ServerEntry entryView ) throws Exception
     {
-        if ( !hasPermission( registries, opContext, userGroupNames, username, authenticationLevel, entryName, 
+        if ( !hasPermission( schemaManager, opContext, userGroupNames, username, authenticationLevel, entryName, 
             attrId, attrValue, microOperations, aciTuples, entry, entryView ) )
         {
             throw new LdapNoPermissionException();
@@ -186,7 +185,7 @@
      * @param entryView in case of a Modify operation, view of the entry being modified as if the modification permitted and completed
      */
     public boolean hasPermission( 
-        Registries registries, 
+        SchemaManager schemaManager, 
         OperationContext opContext, 
         Collection<LdapDN> userGroupNames, 
         LdapDN userName,
@@ -229,7 +228,7 @@
         for ( ACITupleFilter filter : filters )
         {
             aciTuples = filter.filter( 
-                registries, 
+                schemaManager, 
                 aciTuples, 
                 scope, 
                 opContext, 

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java Wed Jan  6 18:26:43 2010
@@ -26,12 +26,12 @@
 
 import org.apache.directory.server.core.entry.ServerEntry;
 import org.apache.directory.server.core.interceptor.context.OperationContext;
-import org.apache.directory.server.schema.registries.Registries;
 import org.apache.directory.shared.ldap.aci.ACITuple;
 import org.apache.directory.shared.ldap.aci.MicroOperation;
 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
 import org.apache.directory.shared.ldap.entry.Value;
 import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
 
 
 /**
@@ -65,7 +65,7 @@
      * @throws NamingException if failed to filter the specific tuples
      */
     Collection<ACITuple> filter( 
-            Registries registries, 
+            SchemaManager schemaManager, 
             Collection<ACITuple> tuples, 
             OperationScope scope, 
             OperationContext opContext,

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java Wed Jan  6 18:26:43 2010
@@ -27,12 +27,12 @@
 
 import org.apache.directory.server.core.entry.ServerEntry;
 import org.apache.directory.server.core.interceptor.context.OperationContext;
-import org.apache.directory.server.schema.registries.Registries;
 import org.apache.directory.shared.ldap.aci.ACITuple;
 import org.apache.directory.shared.ldap.aci.MicroOperation;
 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
 import org.apache.directory.shared.ldap.entry.Value;
 import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
 
 
 /**
@@ -45,7 +45,7 @@
 public class HighestPrecedenceFilter implements ACITupleFilter
 {
     public Collection<ACITuple> filter( 
-            Registries registries, 
+            SchemaManager schemaManager, 
             Collection<ACITuple> tuples, 
             OperationScope scope, 
             OperationContext opContext,

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java Wed Jan  6 18:26:43 2010
@@ -20,13 +20,13 @@
 package org.apache.directory.server.core.authz.support;
 
 
-import javax.naming.directory.SearchControls;
-
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Iterator;
 
+import javax.naming.directory.SearchControls;
+
 import org.apache.directory.server.core.authn.AuthenticationInterceptor;
 import org.apache.directory.server.core.authz.AciAuthorizationInterceptor;
 import org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor;
@@ -39,7 +39,6 @@
 import org.apache.directory.server.core.operational.OperationalAttributeInterceptor;
 import org.apache.directory.server.core.schema.SchemaInterceptor;
 import org.apache.directory.server.core.subtree.SubentryInterceptor;
-import org.apache.directory.server.schema.registries.Registries;
 import org.apache.directory.shared.ldap.aci.ACITuple;
 import org.apache.directory.shared.ldap.aci.MicroOperation;
 import org.apache.directory.shared.ldap.aci.ProtectedItem;
@@ -50,6 +49,7 @@
 import org.apache.directory.shared.ldap.filter.PresenceNode;
 import org.apache.directory.shared.ldap.message.AliasDerefMode;
 import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
 
 
 
@@ -75,7 +75,7 @@
 
 
     public Collection<ACITuple> filter( 
-            Registries registries, 
+            SchemaManager schemaManager, 
             Collection<ACITuple> tuples, 
             OperationScope scope, 
             OperationContext opContext,
@@ -122,7 +122,7 @@
                 {
                     if ( immSubCount < 0 )
                     {
-                        immSubCount = getImmSubCount( registries, opContext, entryName );
+                        immSubCount = getImmSubCount( schemaManager, opContext, entryName );
                     }
 
                     ProtectedItem.MaxImmSub mis = ( ProtectedItem.MaxImmSub ) item;
@@ -154,7 +154,7 @@
     }
 
 
-    private int getImmSubCount( Registries registries, OperationContext opContext, LdapDN entryName ) throws Exception
+    private int getImmSubCount( SchemaManager schemaManager, OperationContext opContext, LdapDN entryName ) throws Exception
     {
         int cnt = 0;
         EntryFilteringCursor results = null;

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java Wed Jan  6 18:26:43 2010
@@ -27,7 +27,6 @@
 
 import org.apache.directory.server.core.entry.ServerEntry;
 import org.apache.directory.server.core.interceptor.context.OperationContext;
-import org.apache.directory.server.schema.registries.Registries;
 import org.apache.directory.shared.ldap.aci.ACITuple;
 import org.apache.directory.shared.ldap.aci.MicroOperation;
 import org.apache.directory.shared.ldap.aci.ProtectedItem;
@@ -36,6 +35,7 @@
 import org.apache.directory.shared.ldap.entry.EntryAttribute;
 import org.apache.directory.shared.ldap.entry.Value;
 import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
 
 
 /**
@@ -48,7 +48,7 @@
 public class MaxValueCountFilter implements ACITupleFilter
 {
     public Collection<ACITuple> filter( 
-            Registries registries, 
+            SchemaManager schemaManager, 
             Collection<ACITuple> tuples, 
             OperationScope scope, 
             OperationContext opContext,

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java Wed Jan  6 18:26:43 2010
@@ -20,19 +20,19 @@
 package org.apache.directory.server.core.authz.support;
 
 
-import java.util.Collection;  
+import java.util.Collection;
 import java.util.Iterator;
 
 import javax.naming.NamingException;
 
 import org.apache.directory.server.core.entry.ServerEntry;
 import org.apache.directory.server.core.interceptor.context.OperationContext;
-import org.apache.directory.server.schema.registries.Registries;
 import org.apache.directory.shared.ldap.aci.ACITuple;
 import org.apache.directory.shared.ldap.aci.MicroOperation;
 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
 import org.apache.directory.shared.ldap.entry.Value;
 import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
 
 
 /**
@@ -46,7 +46,7 @@
 public class MicroOperationFilter implements ACITupleFilter
 {
     public Collection<ACITuple> filter( 
-            Registries registries, 
+            SchemaManager schemaManager, 
             Collection<ACITuple> tuples, 
             OperationScope scope, 
             OperationContext opContext,

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java Wed Jan  6 18:26:43 2010
@@ -27,13 +27,13 @@
 
 import org.apache.directory.server.core.entry.ServerEntry;
 import org.apache.directory.server.core.interceptor.context.OperationContext;
-import org.apache.directory.server.schema.registries.Registries;
 import org.apache.directory.shared.ldap.aci.ACITuple;
 import org.apache.directory.shared.ldap.aci.MicroOperation;
 import org.apache.directory.shared.ldap.aci.ProtectedItem;
 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
 import org.apache.directory.shared.ldap.entry.Value;
 import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
 
 
 /**
@@ -54,7 +54,7 @@
 public class MostSpecificProtectedItemFilter implements ACITupleFilter
 {
     public Collection<ACITuple> filter( 
-            Registries registries, 
+            SchemaManager schemaManager, 
             Collection<ACITuple> tuples, 
             OperationScope scope, 
             OperationContext opContext,

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java Wed Jan  6 18:26:43 2010
@@ -27,13 +27,13 @@
 
 import org.apache.directory.server.core.entry.ServerEntry;
 import org.apache.directory.server.core.interceptor.context.OperationContext;
-import org.apache.directory.server.schema.registries.Registries;
 import org.apache.directory.shared.ldap.aci.ACITuple;
 import org.apache.directory.shared.ldap.aci.MicroOperation;
 import org.apache.directory.shared.ldap.aci.UserClass;
 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
 import org.apache.directory.shared.ldap.entry.Value;
 import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
 
 
 /**
@@ -52,7 +52,7 @@
 public class MostSpecificUserClassFilter implements ACITupleFilter
 {
     public Collection<ACITuple> filter( 
-            Registries registries, 
+            SchemaManager schemaManager, 
             Collection<ACITuple> tuples, 
             OperationScope scope, 
             OperationContext opContext,

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java Wed Jan  6 18:26:43 2010
@@ -30,9 +30,6 @@
 import org.apache.directory.server.core.event.Evaluator;
 import org.apache.directory.server.core.interceptor.context.OperationContext;
 import org.apache.directory.server.core.subtree.RefinementEvaluator;
-import org.apache.directory.server.schema.registries.AttributeTypeRegistry;
-import org.apache.directory.server.schema.registries.OidRegistry;
-import org.apache.directory.server.schema.registries.Registries;
 import org.apache.directory.shared.ldap.aci.ACITuple;
 import org.apache.directory.shared.ldap.aci.MicroOperation;
 import org.apache.directory.shared.ldap.aci.ProtectedItem;
@@ -44,6 +41,8 @@
 import org.apache.directory.shared.ldap.entry.Value;
 import org.apache.directory.shared.ldap.name.LdapDN;
 import org.apache.directory.shared.ldap.schema.AttributeType;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
+import org.apache.directory.shared.ldap.schema.registries.OidRegistry;
 import org.apache.directory.shared.ldap.util.AttributeUtils;
 
 
@@ -58,22 +57,20 @@
 {
     private final RefinementEvaluator refinementEvaluator;
     private final Evaluator entryEvaluator;
-    private final OidRegistry oidRegistry;
-    private final AttributeTypeRegistry attrRegistry;
+    private final SchemaManager schemaManager;
 
 
     public RelatedProtectedItemFilter( RefinementEvaluator refinementEvaluator, Evaluator entryEvaluator, 
-        OidRegistry oidRegistry, AttributeTypeRegistry attrRegistry )
+        OidRegistry oidRegistry, SchemaManager schemaManager )
     {
         this.refinementEvaluator = refinementEvaluator;
         this.entryEvaluator = entryEvaluator;
-        this.oidRegistry = oidRegistry;
-        this.attrRegistry = attrRegistry;
+        this.schemaManager = schemaManager;
     }
 
 
     public Collection<ACITuple> filter( 
-            Registries registries, 
+            SchemaManager schemaManager, 
             Collection<ACITuple> tuples, 
             OperationScope scope, 
             OperationContext opContext,
@@ -115,7 +112,7 @@
         
         if ( attrId != null )
         {
-            oid = oidRegistry.getOid( attrId );
+            oid = schemaManager.getAttributeTypeRegistry().getOidByName( attrId );
         }
         
         for ( ProtectedItem item : tuple.getProtectedItems() )
@@ -153,9 +150,10 @@
                 }
 
                 ProtectedItem.AllAttributeValues aav = ( ProtectedItem.AllAttributeValues ) item;
+
                 for ( Iterator<String> j = aav.iterator(); j.hasNext(); )
                 {
-                    if ( oid.equals( oidRegistry.getOid( j.next() ) ) )
+                    if ( oid.equals( schemaManager.getAttributeTypeRegistry().getOidByName( j.next() ) ) )
                     {
                         return true;
                     }
@@ -169,9 +167,10 @@
                 }
 
                 ProtectedItem.AttributeType at = ( ProtectedItem.AttributeType ) item;
+                
                 for ( Iterator<String> j = at.iterator(); j.hasNext(); )
                 {
-                    if ( oid.equals( oidRegistry.getOid( j.next() ) ) )
+                    if ( oid.equals( schemaManager.getAttributeTypeRegistry().getOidByName( j.next() ) ) )
                     {
                         return true;
                     }
@@ -188,8 +187,8 @@
                 for ( Iterator<Attribute> j = av.iterator(); j.hasNext(); )
                 {
                     Attribute attr = j.next();
-                    String attrOid = oidRegistry.getOid( attr.getID() );
-                    AttributeType attrType = attrRegistry.lookup( attrOid );
+                    String attrOid = schemaManager.getAttributeTypeRegistry().getOidByName( attr.getID() );
+                    AttributeType attrType = schemaManager.lookupAttributeTypeRegistry( attrOid );
                     
                     if ( oid.equals( attrOid ) && AttributeUtils.containsValue( attr, attrValue, attrType ) )
                     {
@@ -220,7 +219,8 @@
                 for ( Iterator<MaxValueCountItem> j = mvc.iterator(); j.hasNext(); )
                 {
                     MaxValueCountItem mvcItem = j.next();
-                    if ( oid.equals( oidRegistry.getOid( mvcItem.getAttributeType() ) ) )
+                    
+                    if ( oid.equals( schemaManager.getAttributeTypeRegistry().getOidByName( mvcItem.getAttributeType() ) ) )
                     {
                         return true;
                     }
@@ -246,7 +246,7 @@
                 for ( Iterator<RestrictedByItem> j = rb.iterator(); j.hasNext(); )
                 {
                     RestrictedByItem rbItem = j.next();
-                    if ( oid.equals( oidRegistry.getOid( rbItem.getAttributeType() ) ) )
+                    if ( oid.equals( schemaManager.getAttributeTypeRegistry().getOidByName( rbItem.getAttributeType() ) ) )
                     {
                         return true;
                     }
@@ -263,13 +263,14 @@
                 for ( Iterator<String> j = sv.iterator(); j.hasNext(); )
                 {
                     String svItem = j.next();
-                    if ( oid.equals( oidRegistry.getOid( svItem ) ) )
+                    
+                    if ( oid.equals( schemaManager.getAttributeTypeRegistry().getOidByName( svItem ) ) )
                     {
                         EntryAttribute attr = entry.get( oid );
                         
                         if ( ( attr != null ) && 
                              ( ( attr.contains( userName.toNormName() ) || 
-                               ( attr.contains( userName.getUpName() ) ) ) ) )
+                               ( attr.contains( userName.getName() ) ) ) ) )
                         {
                             return true;
                         }

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java Wed Jan  6 18:26:43 2010
@@ -28,13 +28,13 @@
 import org.apache.directory.server.core.entry.ServerEntry;
 import org.apache.directory.server.core.interceptor.context.OperationContext;
 import org.apache.directory.server.core.subtree.SubtreeEvaluator;
-import org.apache.directory.server.schema.registries.Registries;
 import org.apache.directory.shared.ldap.aci.ACITuple;
 import org.apache.directory.shared.ldap.aci.MicroOperation;
 import org.apache.directory.shared.ldap.aci.UserClass;
 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
 import org.apache.directory.shared.ldap.entry.Value;
 import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
 import org.apache.directory.shared.ldap.subtree.SubtreeSpecification;
 
 
@@ -59,7 +59,7 @@
 
 
     public Collection<ACITuple> filter( 
-            Registries registries, 
+            SchemaManager schemaManager, 
             Collection<ACITuple> tuples, 
             OperationScope scope, 
             OperationContext opContext,

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java Wed Jan  6 18:26:43 2010
@@ -27,7 +27,6 @@
 
 import org.apache.directory.server.core.entry.ServerEntry;
 import org.apache.directory.server.core.interceptor.context.OperationContext;
-import org.apache.directory.server.schema.registries.Registries;
 import org.apache.directory.shared.ldap.aci.ACITuple;
 import org.apache.directory.shared.ldap.aci.MicroOperation;
 import org.apache.directory.shared.ldap.aci.ProtectedItem;
@@ -36,6 +35,7 @@
 import org.apache.directory.shared.ldap.entry.EntryAttribute;
 import org.apache.directory.shared.ldap.entry.Value;
 import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
 
 
 /**
@@ -48,7 +48,7 @@
 public class RestrictedByFilter implements ACITupleFilter
 {
     public Collection<ACITuple> filter( 
-            Registries registries, 
+            SchemaManager schemaManager, 
             Collection<ACITuple> tuples, 
             OperationScope scope, 
             OperationContext opContext,

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java Wed Jan  6 18:26:43 2010
@@ -94,8 +94,8 @@
 
         changeLog = directoryService.getChangeLog();
         schemaService = directoryService.getSchemaService();
-        entryDeleted = directoryService.getRegistries().getAttributeTypeRegistry()
-                .lookup( ApacheSchemaConstants.ENTRY_DELETED_AT_OID );
+        entryDeleted = directoryService.getSchemaManager()
+                .lookupAttributeTypeRegistry( ApacheSchemaConstants.ENTRY_DELETED_AT_OID );
     }
 
 
@@ -221,7 +221,16 @@
             // @todo make sure we're not putting in operational attributes that cannot be user modified
             serverEntry = getAttributes( opContext );
         }
+        
+        // Duplicate modifications so that the reverse does not contain the operational attributes
+        List<Modification> clonedMods = new ArrayList<Modification>(); 
+
+        for ( Modification mod : opContext.getModItems() )
+        {
+            clonedMods.add( mod.clone() );
+        }
 
+        // Call the next interceptor
         next.modify( opContext );
 
         // @TODO: needs big consideration!!!
@@ -249,9 +258,9 @@
         forward.setChangeType( ChangeType.Modify );
         forward.setDn( opContext.getDn() );
         
-        List<Modification> mods = new ArrayList<Modification>( opContext.getModItems().size() );
+        List<Modification> mods = new ArrayList<Modification>( clonedMods.size() );
         
-        for ( Modification modItem : opContext.getModItems() )
+        for ( Modification modItem : clonedMods )
         {
             Modification mod = ((ServerModification)modItem).toClientModification();
             
@@ -287,13 +296,15 @@
     {
         ServerEntry serverEntry = null;
         
-        if ( changeLog.isEnabled() && renameContext.isFirstOperation() )
+        if ( renameContext.getEntry() != null )
         {
-            // @todo make sure we're not putting in operational attributes that cannot be user modified
-            serverEntry = getAttributes( renameContext );
+            serverEntry = renameContext.getEntry().getOriginalEntry();
         }
-
+        
         next.rename( renameContext );
+        
+        // After this point, the entry has been modified. The cloned entry contains
+        // the modified entry, the originalEntry has changed
 
         if ( ! changeLog.isEnabled() || ! renameContext.isFirstOperation() )
         {
@@ -336,7 +347,7 @@
         forward.setDn( opCtx.getDn() );
         forward.setDeleteOldRdn( opCtx.getDelOldDn() );
         forward.setNewRdn( opCtx.getNewRdn().getUpName() );
-        forward.setNewSuperior( opCtx.getParent().getUpName() );
+        forward.setNewSuperior( opCtx.getParent().getName() );
 
         List<LdifEntry> reverses = LdifRevertor.reverseMoveAndRename(  
             serverEntry, opCtx.getParent(), new Rdn( opCtx.getNewRdn() ), false );
@@ -356,7 +367,7 @@
         LdifEntry forward = new LdifEntry();
         forward.setChangeType( ChangeType.ModDn );
         forward.setDn( opCtx.getDn() );
-        forward.setNewSuperior( opCtx.getParent().getUpName() );
+        forward.setNewSuperior( opCtx.getParent().getName() );
 
         LdifEntry reverse = LdifRevertor.reverseMove( opCtx.getParent(), opCtx.getDn() );
         opCtx.setChangeLogEvent( changeLog.log( getPrincipal(), forward, reverse ) );

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/DefaultChangeLog.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/DefaultChangeLog.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/DefaultChangeLog.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/DefaultChangeLog.java Wed Jan  6 18:26:43 2010
@@ -22,7 +22,7 @@
 import java.util.List;
 
 import org.apache.directory.server.core.DirectoryService;
-import org.apache.directory.server.core.authn.LdapPrincipal;
+import org.apache.directory.server.core.LdapPrincipal;
 import org.apache.directory.server.core.partition.Partition;
 import org.apache.directory.shared.ldap.ldif.LdifEntry;
 import org.slf4j.Logger;
@@ -312,7 +312,7 @@
                 tmp.createPartition( partitionSuffix, revContainerName, tagContainerName );
                 
                 Partition partition = tmp.getPartition();
-                partition.init( service );
+                partition.initialize( );
 
                 service.addPartition( partition );
             }

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/MemoryChangeLogStore.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/MemoryChangeLogStore.java?rev=896599&r1=896598&r2=896599&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/MemoryChangeLogStore.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/changelog/MemoryChangeLogStore.java Wed Jan  6 18:26:43 2010
@@ -36,7 +36,7 @@
 import java.util.Properties;
 
 import org.apache.directory.server.core.DirectoryService;
-import org.apache.directory.server.core.authn.LdapPrincipal;
+import org.apache.directory.server.core.LdapPrincipal;
 import org.apache.directory.shared.ldap.cursor.Cursor;
 import org.apache.directory.shared.ldap.cursor.ListCursor;
 import org.apache.directory.shared.ldap.ldif.LdifEntry;



Mime
View raw message