directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r946694 - in /directory/apacheds/trunk: core-api/src/main/java/org/apache/directory/server/core/ core-api/src/main/java/org/apache/directory/server/core/interceptor/context/ core/src/main/java/org/apache/directory/server/core/ core/src/main...
Date Thu, 20 May 2010 16:33:48 GMT
Author: elecharny
Date: Thu May 20 16:33:47 2010
New Revision: 946694

URL: http://svn.apache.org/viewvc?rev=946694&view=rev
Log:
o Modified the PrincipalDN interface
o Slight optim in delete : avoid a useless normalization

Modified:
    directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/LdapCoreSessionConnection.java
    directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/LdapPrincipal.java
    directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/interceptor/context/UnbindOperationContext.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/DefaultCoreSession.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/normalization/NormalizationInterceptor.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/trigger/SimpleTriggerExecutionAuthorizer.java
    directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/changelog/MemoryChangeLogStoreTest.java
    directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java

Modified: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/LdapCoreSessionConnection.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/LdapCoreSessionConnection.java?rev=946694&r1=946693&r2=946694&view=diff
==============================================================================
--- directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/LdapCoreSessionConnection.java
(original)
+++ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/LdapCoreSessionConnection.java
Thu May 20 16:33:47 2010
@@ -395,6 +395,7 @@ public class LdapCoreSessionConnection i
     {
         DeleteResponse resp = new DeleteResponse();
         resp.setLdapResult( getDefaultResult() );
+        
         try
         {
             session.delete( dn );

Modified: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/LdapPrincipal.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/LdapPrincipal.java?rev=946694&r1=946693&r2=946694&view=diff
==============================================================================
--- directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/LdapPrincipal.java
(original)
+++ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/LdapPrincipal.java
Thu May 20 16:33:47 2010
@@ -44,7 +44,7 @@ public final class LdapPrincipal impleme
     private static final long serialVersionUID = 3906650782395676720L;
 
     /** the normalized distinguished name of the principal */
-    private DN name;
+    private DN dn;
 
     /** the no name anonymous user whose DN is the empty String */
     public static final LdapPrincipal ANONYMOUS = new LdapPrincipal();
@@ -64,14 +64,14 @@ public final class LdapPrincipal impleme
      * this package friendly so only code in the package can create a
      * trusted principal.
      *
-     * @param name the normalized distinguished name of the principal
+     * @param dn the normalized distinguished name of the principal
      * @param authenticationLevel the authentication level for this principal
      */
-    public LdapPrincipal( DN name, AuthenticationLevel authenticationLevel )
+    public LdapPrincipal( DN dn, AuthenticationLevel authenticationLevel )
     {
-        this.name = name;
+        this.dn = dn;
         
-        if ( ! name.isNormalized() )
+        if ( ! dn.isNormalized() )
         {
             throw new IllegalStateException( I18n.err( I18n.ERR_436 ) );
         }
@@ -85,13 +85,13 @@ public final class LdapPrincipal impleme
      * this package friendly so only code in the package can create a
      * trusted principal.
      *
-     * @param name the normalized distinguished name of the principal
+     * @param dn the normalized distinguished name of the principal
      * @param authenticationLevel the authentication level for this principal
      * @param userPassword The user password
      */
-    public LdapPrincipal( DN name, AuthenticationLevel authenticationLevel, byte[] userPassword
)
+    public LdapPrincipal( DN dn, AuthenticationLevel authenticationLevel, byte[] userPassword
)
     {
-        this.name = name;
+        this.dn = dn;
         this.authenticationLevel = authenticationLevel;
         this.userPassword = new byte[ userPassword.length ];
         System.arraycopy( userPassword, 0, this.userPassword, 0, userPassword.length );
@@ -104,21 +104,33 @@ public final class LdapPrincipal impleme
      */
     public LdapPrincipal()
     {
-        name = new DN();
+        dn = new DN();
         authenticationLevel = AuthenticationLevel.NONE;
         userPassword = null;
     }
 
 
     /**
+     * Gets a reference to the distinguished name of this
+     * principal as a {@link DN}.
+     *
+     * @return the distinguished name of the principal as a {@link DN}
+     */
+    public DN getDNRef()
+    {
+        return dn;
+    }
+
+
+    /**
      * Gets a cloned copy of the normalized distinguished name of this
      * principal as a {@link DN}.
      *
      * @return the cloned distinguished name of the principal as a {@link DN}
      */
-    public DN getClonedName()
+    public DN getDN()
     {
-        return ( DN ) name.clone();
+        return ( DN ) dn.clone();
     }
 
 
@@ -127,7 +139,7 @@ public final class LdapPrincipal impleme
      */
     public String getName()
     {
-        return name.getNormName();
+        return dn.getNormName();
     }
 
 
@@ -148,7 +160,7 @@ public final class LdapPrincipal impleme
      */
     public String toString()
     {
-        return "['" + name.getName() + "', '" + StringTools.utf8ToString( userPassword )
+"']'";
+        return "['" + dn.getName() + "', '" + StringTools.utf8ToString( userPassword ) +"']'";
     }
 
 
@@ -192,7 +204,7 @@ public final class LdapPrincipal impleme
     public void readExternal( ObjectInput in ) throws IOException , ClassNotFoundException
     {
         // Read the name
-        name = (DN)in.readObject();
+        dn = (DN)in.readObject();
         
         // read the authentication level
         int level = in.readInt();
@@ -212,13 +224,13 @@ public final class LdapPrincipal impleme
     public void writeExternal( ObjectOutput out ) throws IOException
     {
         // Write the name
-        if ( name == null )
+        if ( dn == null )
         {
             out.writeObject( DN.EMPTY_DN );
         }
         else
         {
-            out.writeObject( name );
+            out.writeObject( dn );
         }
         
         // write the authentication level
@@ -230,8 +242,5 @@ public final class LdapPrincipal impleme
         {
             out.writeInt( authenticationLevel.getLevel() );
         }
-        
-        // and flush the result
-        //out.flush();
     }
 }

Modified: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/interceptor/context/UnbindOperationContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/interceptor/context/UnbindOperationContext.java?rev=946694&r1=946693&r2=946694&view=diff
==============================================================================
--- directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/interceptor/context/UnbindOperationContext.java
(original)
+++ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/interceptor/context/UnbindOperationContext.java
Thu May 20 16:33:47 2010
@@ -39,13 +39,13 @@ public class UnbindOperationContext exte
      */
     public UnbindOperationContext( CoreSession session )
     {
-        super( session, session.getEffectivePrincipal().getClonedName() );
+        super( session, session.getEffectivePrincipal().getDN() );
     }
     
 
     public UnbindOperationContext( CoreSession session, InternalUnbindRequest unbindRequest
)
     {
-        super( session, session.getEffectivePrincipal().getClonedName() );
+        super( session, session.getEffectivePrincipal().getDN() );
         this.setRequestControls( unbindRequest.getControls() );
     }
 

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/DefaultCoreSession.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/DefaultCoreSession.java?rev=946694&r1=946693&r2=946694&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/DefaultCoreSession.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/DefaultCoreSession.java
Thu May 20 16:33:47 2010
@@ -768,7 +768,7 @@ public class DefaultCoreSession implemen
 
     public boolean isAnonymous()
     {
-        return getEffectivePrincipal().getClonedName().isEmpty();
+        return getEffectivePrincipal().getDNRef().isEmpty();
     }
 
 

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java?rev=946694&r1=946693&r2=946694&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
Thu May 20 16:33:47 2010
@@ -228,7 +228,7 @@ public class AciAuthorizationInterceptor
 
     private void protectCriticalEntries( DN dn ) throws Exception
     {
-        DN principalDn = getPrincipal().getClonedName();
+        DN principalDn = getPrincipal().getDNRef();
 
         if ( dn.isEmpty() )
         {
@@ -421,7 +421,7 @@ public class AciAuthorizationInterceptor
     {
         // Access the principal requesting the operation, and bypass checks if it is the
admin
         LdapPrincipal principal = addContext.getSession().getEffectivePrincipal();
-        DN principalDn = principal.getClonedName();
+        DN principalDn = principal.getDN();
         
         Entry serverEntry = addContext.getEntry(); 
         //Attributes entry = ServerEntryUtils.toAttributesImpl( serverEntry );
@@ -495,11 +495,6 @@ public class AciAuthorizationInterceptor
 
     public void delete( NextInterceptor next, DeleteOperationContext deleteContext ) throws
Exception
     {
-        DN name = deleteContext.getDn();
-        
-        LdapPrincipal principal = deleteContext.getSession().getEffectivePrincipal();
-        DN principalDn = principal.getClonedName();
-
         // bypass authz code if we are disabled
         if ( ! deleteContext.getSession().getDirectoryService().isAccessControlEnabled()
)
         {
@@ -507,6 +502,10 @@ public class AciAuthorizationInterceptor
             return;
         }
 
+        DN name = deleteContext.getDn();
+        LdapPrincipal principal = deleteContext.getSession().getEffectivePrincipal();
+        DN principalDn = principal.getDN();
+
         Entry entry = deleteContext.lookup( name, ByPassConstants.LOOKUP_BYPASS );
 
         protectCriticalEntries( name );
@@ -543,7 +542,7 @@ public class AciAuthorizationInterceptor
         Entry entry = opContext.lookup( name, ByPassConstants.LOOKUP_BYPASS );
         
         LdapPrincipal principal = opContext.getSession().getEffectivePrincipal();
-        DN principalDn = principal.getClonedName();
+        DN principalDn = principal.getDN();
 
         // bypass authz code if we are disabled
         if ( !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
@@ -678,7 +677,7 @@ public class AciAuthorizationInterceptor
         
         // TODO - eventually replace this with a check on session.isAnAdministrator()
         LdapPrincipal principal = entryContext.getSession().getEffectivePrincipal();
-        DN principalDn = principal.getClonedName();
+        DN principalDn = principal.getDN();
         if ( isPrincipalAnAdministrator( principalDn ) )
         {
             return answer;
@@ -724,7 +723,7 @@ public class AciAuthorizationInterceptor
         }
 
         LdapPrincipal principal = lookupContext.getSession().getEffectivePrincipal();
-        DN userName = principal.getClonedName();
+        DN userName = principal.getDN();
         Set<DN> userGroups = groupCache.getGroups( userName.getNormName() );
         Collection<ACITuple> tuples = new HashSet<ACITuple>();
         addPerscriptiveAciTuples( lookupContext, tuples, lookupContext.getDn(), entry );
@@ -766,7 +765,7 @@ public class AciAuthorizationInterceptor
         DirectoryService directoryService = session.getDirectoryService();
         
         LdapPrincipal principal = session.getEffectivePrincipal();
-        DN principalDn = principal.getClonedName();
+        DN principalDn = principal.getDN();
         
         if ( !principalDn.isNormalized() )
         {
@@ -798,7 +797,7 @@ public class AciAuthorizationInterceptor
         }
         
         LdapPrincipal principal = renameContext.getSession().getEffectivePrincipal();
-        DN principalDn = principal.getClonedName();
+        DN principalDn = principal.getDN();
         DN newName = renameContext.getNewDn();
 
         // bypass authz code if we are disabled
@@ -847,7 +846,7 @@ public class AciAuthorizationInterceptor
         Entry entry = moveAndRenameContext.lookup( oriChildName, ByPassConstants.LOOKUP_BYPASS
);
         
         LdapPrincipal principal = moveAndRenameContext.getSession().getEffectivePrincipal();
-        DN principalDn = principal.getClonedName();
+        DN principalDn = principal.getDN();
         DN newName = ( DN ) newParentName.clone();
         newName.add( moveAndRenameContext.getNewRdn().getName() );
 
@@ -928,7 +927,7 @@ public class AciAuthorizationInterceptor
         DN newName = ( DN ) newParentName.clone();
         newName.add( oriChildName.get( oriChildName.size() - 1 ) );
         LdapPrincipal principal = moveContext.getSession().getEffectivePrincipal();
-        DN principalDn = principal.getClonedName();
+        DN principalDn = principal.getDN();
 
         // bypass authz code if we are disabled
         if ( !moveContext.getSession().getDirectoryService().isAccessControlEnabled() )
@@ -1000,7 +999,7 @@ public class AciAuthorizationInterceptor
         LdapPrincipal user = opContext.getSession().getEffectivePrincipal();
         EntryFilteringCursor cursor = next.list( opContext );
         
-        if ( isPrincipalAnAdministrator( user.getClonedName() ) || !opContext.getSession().getDirectoryService().isAccessControlEnabled()
)
+        if ( isPrincipalAnAdministrator( user.getDNRef() ) || !opContext.getSession().getDirectoryService().isAccessControlEnabled()
)
         {
             return cursor;
         }
@@ -1014,7 +1013,7 @@ public class AciAuthorizationInterceptor
     public EntryFilteringCursor search( NextInterceptor next, SearchOperationContext opContext
) throws Exception
     {
         LdapPrincipal user = opContext.getSession().getEffectivePrincipal();
-        DN principalDn = user.getClonedName();
+        DN principalDn = user.getDN();
         EntryFilteringCursor cursor = next.search( opContext );
 
         boolean isSubschemaSubentryLookup = subschemaSubentryDn.equals( opContext.getDn().getNormName()
);
@@ -1046,7 +1045,7 @@ public class AciAuthorizationInterceptor
         Entry entry = opContext.lookup( name, ByPassConstants.LOOKUP_BYPASS );
 
         LdapPrincipal principal = opContext.getSession().getEffectivePrincipal();
-        DN principalDn = principal.getClonedName();
+        DN principalDn = principal.getDN();
 
         if ( isPrincipalAnAdministrator( principalDn ) || !opContext.getSession().getDirectoryService().isAccessControlEnabled()
)
         {
@@ -1074,7 +1073,7 @@ public class AciAuthorizationInterceptor
     {
         // Access the principal requesting the operation, and bypass checks if it is the
admin
         LdapPrincipal principal = opContext.getSession().getEffectivePrincipal();
-        DN principalDn = principal.getClonedName();
+        DN principalDn = principal.getDN();
         
         if ( isPrincipalAnAdministrator( principalDn ) || !opContext.getSession().getDirectoryService().isAccessControlEnabled()
)
         {
@@ -1128,7 +1127,7 @@ public class AciAuthorizationInterceptor
          */
         
         LdapPrincipal principal = opContext.getSession().getEffectivePrincipal();
-        DN userDn = principal.getClonedName();
+        DN userDn = principal.getDN();
         Set<DN> userGroups = groupCache.getGroups( userDn.getNormName() );
         Collection<ACITuple> tuples = new HashSet<ACITuple>();
         addPerscriptiveAciTuples( opContext, tuples, normName, clonedEntry.getOriginalEntry()
);

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java?rev=946694&r1=946693&r2=946694&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java
Thu May 20 16:33:47 2010
@@ -78,19 +78,13 @@ public class DefaultAuthorizationInterce
     /** the logger for this class */
     private static final Logger LOG = LoggerFactory.getLogger( DefaultAuthorizationInterceptor.class
);
 
-    /**
-     * the base distinguished {@link Name} for all users
-     */
-    private static DN USER_BASE_DN;
+    /** the base distinguished {@link Name} for the admin system */
+    private static DN ADMIN_SYSTEM_DN;
 
-    /**
-     * the base distinguished {@link Name} for all groups
-     */
+    /** the base distinguished {@link Name} for all groups */
     private static DN GROUP_BASE_DN;
 
-    /**
-     * the distinguished {@link Name} for the administrator group
-     */
+    /** the distinguished {@link Name} for the administrator group */
     private static DN ADMIN_GROUP_DN;
 
     private Set<String> administrators = new HashSet<String>(2);
@@ -115,8 +109,8 @@ public class DefaultAuthorizationInterce
         nexus = directoryService.getPartitionNexus();
         SchemaManager schemaManager = directoryService.getSchemaManager();
 
-        USER_BASE_DN = new DN( ServerDNConstants.ADMIN_SYSTEM_DN );
-        USER_BASE_DN.normalize( schemaManager.getNormalizerMapping() );
+        ADMIN_SYSTEM_DN = new DN( ServerDNConstants.ADMIN_SYSTEM_DN );
+        ADMIN_SYSTEM_DN.normalize( schemaManager.getNormalizerMapping() );
         
         GROUP_BASE_DN = new DN( ServerDNConstants.GROUPS_SYSTEM_DN );
         GROUP_BASE_DN.normalize( schemaManager.getNormalizerMapping() );
@@ -165,51 +159,51 @@ public class DefaultAuthorizationInterce
 
     public void delete( NextInterceptor nextInterceptor, DeleteOperationContext opContext
) throws Exception
     {
-        DN name = opContext.getDn();
-        
         if ( opContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             nextInterceptor.delete( opContext );
             return;
         }
 
-        DN principalDn = getPrincipal().getClonedName();
+        DN dn = opContext.getDn();
 
-        if ( name.isEmpty() )
+        if ( dn.isEmpty() )
         {
             String msg = I18n.err( I18n.ERR_12 );
             LOG.error( msg );
             throw new LdapNoPermissionException( msg );
         }
 
-        if ( name.getNormName().equals( ADMIN_GROUP_DN.getNormName() ) )
+        if ( dn.equals( ADMIN_GROUP_DN ) )
         {
             String msg = I18n.err( I18n.ERR_13 );
             LOG.error( msg );
             throw new LdapNoPermissionException( msg );
         }
+        
+        DN principalDN = getPrincipal().getDNRef();
 
-        if ( isTheAdministrator( name ) )
+        if ( dn.equals( ADMIN_SYSTEM_DN ) )
         {
-            String msg = I18n.err( I18n.ERR_14, principalDn.getName() );
+            String msg = I18n.err( I18n.ERR_14, principalDN.getName() );
             LOG.error( msg );
             throw new LdapNoPermissionException( msg );
         }
 
-        if ( name.size() > 2 )
+        if ( dn.size() > 2 )
         {
-            if ( !isAnAdministrator( principalDn ) )
+            if ( !isAnAdministrator( principalDN ) )
             {
-                if ( name.isChildOf( USER_BASE_DN ) )
+                if ( dn.isChildOf( ADMIN_SYSTEM_DN ) )
                 {
-                    String msg = I18n.err( I18n.ERR_15, principalDn.getName(), name.getName()
);
+                    String msg = I18n.err( I18n.ERR_15, principalDN.getName(), dn.getName()
);
                     LOG.error( msg );
                     throw new LdapNoPermissionException( msg );
                 }
         
-                if ( name.isChildOf( GROUP_BASE_DN ) )
+                if ( dn.isChildOf( GROUP_BASE_DN ) )
                 {
-                    String msg = I18n.err( I18n.ERR_16, principalDn.getName(), name.getName()
);
+                    String msg = I18n.err( I18n.ERR_16, principalDN.getName(), dn.getName()
);
                     LOG.error( msg );
                     throw new LdapNoPermissionException( msg );
                 }
@@ -222,14 +216,13 @@ public class DefaultAuthorizationInterce
     
     private boolean isTheAdministrator( DN normalizedDn )
     {
-        return normalizedDn.getNormName().equals( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED
);
+        return normalizedDn.equals( ADMIN_SYSTEM_DN );
     }
     
     
-    private boolean isAnAdministrator( DN normalizedDn )
+    private boolean isAnAdministrator( DN dn )
     {
-        return isTheAdministrator( normalizedDn ) || administrators.contains( normalizedDn.getNormName()
);
-
+        return isTheAdministrator( dn ) || administrators.contains( dn.getNormName() );
     }
     
 
@@ -268,7 +261,7 @@ public class DefaultAuthorizationInterce
 
     private void protectModifyAlterations( DN dn ) throws Exception
     {
-        DN principalDn = getPrincipal().getClonedName();
+        DN principalDn = getPrincipal().getDN();
 
         if ( dn.isEmpty() )
         {
@@ -294,7 +287,7 @@ public class DefaultAuthorizationInterce
 
             if ( dn.size() > 2 ) 
                 {
-                if ( dn.isChildOf( USER_BASE_DN ) )
+                if ( dn.isChildOf( ADMIN_SYSTEM_DN ) )
                 {
                     String msg = I18n.err( I18n.ERR_19, principalDn.getName(),  dn.getName()
);
                     LOG.error( msg );
@@ -357,7 +350,7 @@ public class DefaultAuthorizationInterce
 
     private void protectDnAlterations( DN dn ) throws Exception
     {
-        DN principalDn = getPrincipal().getClonedName();
+        DN principalDn = getPrincipal().getDN();
 
         if ( dn.isEmpty() )
         {
@@ -380,7 +373,7 @@ public class DefaultAuthorizationInterce
             throw new LdapNoPermissionException( msg );
         }
 
-        if ( dn.size() > 2 && dn.isChildOf( USER_BASE_DN ) && !isAnAdministrator(
principalDn ) )
+        if ( dn.size() > 2 && dn.isChildOf( ADMIN_SYSTEM_DN ) && !isAnAdministrator(
principalDn ) )
         {
             String msg = I18n.err( I18n.ERR_23, principalDn.getName(), dn.getName() );
             LOG.error( msg );
@@ -406,7 +399,7 @@ public class DefaultAuthorizationInterce
             return entry;
         }
 
-        protectLookUp( session.getEffectivePrincipal().getClonedName(), opContext.getDn()
);
+        protectLookUp( session.getEffectivePrincipal().getDN(), opContext.getDn() );
         
         return entry;
     }
@@ -418,7 +411,7 @@ public class DefaultAuthorizationInterce
         {
             if ( normalizedDn.size() > 2 )
             {
-                if( normalizedDn.isChildOf( USER_BASE_DN ) )
+                if( normalizedDn.isChildOf( ADMIN_SYSTEM_DN ) )
                 {
                     // allow for self reads
                     if ( normalizedDn.getNormName().equals( principalDn.getNormName() ) )
@@ -502,7 +495,7 @@ public class DefaultAuthorizationInterce
 
     private boolean isSearchable( OperationContext opContext, ClonedServerEntry result )
throws Exception
     {
-        DN principalDn = opContext.getSession().getEffectivePrincipal().getClonedName();
+        DN principalDn = opContext.getSession().getEffectivePrincipal().getDN();
         DN dn = result.getDn();
         
         if ( !dn.isNormalized() )
@@ -530,7 +523,7 @@ public class DefaultAuthorizationInterce
             // stuff this if in here instead of up in outer if to prevent 
             // constant needless reexecution for all entries in other depths
             
-            if ( dn.getNormName().endsWith( USER_BASE_DN.getNormName() ) 
+            if ( dn.getNormName().endsWith( ADMIN_SYSTEM_DN.getNormName() ) 
                 || dn.getNormName().endsWith( GROUP_BASE_DN.getNormName() ) )
             {
                 return false;

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/normalization/NormalizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/normalization/NormalizationInterceptor.java?rev=946694&r1=946693&r2=946694&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/normalization/NormalizationInterceptor.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/normalization/NormalizationInterceptor.java
Thu May 20 16:33:47 2010
@@ -125,7 +125,13 @@ public class NormalizationInterceptor ex
      */
     public void delete( NextInterceptor nextInterceptor, DeleteOperationContext opContext
) throws Exception
     {
-        opContext.getDn().normalize( schemaManager.getNormalizerMapping() );
+        DN dn = opContext.getDn();
+        
+        if ( !dn.isNormalized() )
+        {
+            dn.normalize( schemaManager.getNormalizerMapping() );
+        }
+        
         nextInterceptor.delete( opContext );
     }
 
@@ -404,5 +410,4 @@ public class NormalizationInterceptor ex
             }
         }
     }
-
 }

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/trigger/SimpleTriggerExecutionAuthorizer.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/trigger/SimpleTriggerExecutionAuthorizer.java?rev=946694&r1=946693&r2=946694&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/trigger/SimpleTriggerExecutionAuthorizer.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/trigger/SimpleTriggerExecutionAuthorizer.java
Thu May 20 16:33:47 2010
@@ -46,7 +46,7 @@ public class SimpleTriggerExecutionAutho
     
     public boolean hasPermission( OperationContext opContext ) throws LdapException
     {
-        DN principalName = opContext.getSession().getEffectivePrincipal().getClonedName();
+        DN principalName = opContext.getSession().getEffectivePrincipal().getDN();
         return principalName.equals( adminName );
     }
 }

Modified: directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/changelog/MemoryChangeLogStoreTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/changelog/MemoryChangeLogStoreTest.java?rev=946694&r1=946693&r2=946694&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/changelog/MemoryChangeLogStoreTest.java
(original)
+++ directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/changelog/MemoryChangeLogStoreTest.java
Thu May 20 16:33:47 2010
@@ -153,7 +153,7 @@ public class MemoryChangeLogStoreTest
         
         assertEquals( principal.getAuthenticationLevel(), readPrincipal.getAuthenticationLevel()
);
         assertEquals( principal.getName(), readPrincipal.getName() );
-        assertEquals( principal.getClonedName(), readPrincipal.getClonedName() );
+        assertEquals( principal.getDN(), readPrincipal.getDN() );
         assertNull( readPrincipal.getUserPassword() );
         
         assertEquals( zuluTime, read.getZuluTime() );

Modified: directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java?rev=946694&r1=946693&r2=946694&view=diff
==============================================================================
--- directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java
(original)
+++ directory/apacheds/trunk/protocol-ldap/src/main/java/org/apache/directory/server/ldap/handlers/BindHandler.java
Thu May 20 16:33:47 2010
@@ -305,7 +305,7 @@ public class BindHandler extends LdapReq
                 {
                     DirectoryService ds = ldapSession.getLdapServer().getDirectoryService();
                     String saslMechanism = bindRequest.getSaslMechanism();
-                    CoreSession userSession = ds.getSession( ldapPrincipal.getClonedName(),
ldapPrincipal
+                    CoreSession userSession = ds.getSession( ldapPrincipal.getDN(), ldapPrincipal
                         .getUserPassword(), saslMechanism, null );
 
                     // Set the user session into the ldap session 



Mime
View raw message