directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r949396 [1/2] - in /directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core: ./ authz/ event/ exception/ normalization/ subtree/ trigger/
Date Sat, 29 May 2010 14:30:38 GMT
Author: elecharny
Date: Sat May 29 14:30:37 2010
New Revision: 949396

URL: http://svn.apache.org/viewvc?rev=949396&view=rev
Log:
o Removed useless lookup() for the modification operation

Modified:
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/DefaultOperationManager.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/exception/ExceptionInterceptor.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/normalization/NormalizationInterceptor.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/trigger/TriggerInterceptor.java

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/DefaultOperationManager.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/DefaultOperationManager.java?rev=949396&r1=949395&r2=949396&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/DefaultOperationManager.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/DefaultOperationManager.java Sat May 29 14:30:37 2010
@@ -49,8 +49,8 @@ import org.apache.directory.server.core.
 import org.apache.directory.server.i18n.I18n;
 import org.apache.directory.shared.ldap.codec.util.LdapURLEncodingException;
 import org.apache.directory.shared.ldap.constants.SchemaConstants;
-import org.apache.directory.shared.ldap.entry.EntryAttribute;
 import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.entry.EntryAttribute;
 import org.apache.directory.shared.ldap.entry.Value;
 import org.apache.directory.shared.ldap.exception.LdapAffectMultipleDsaException;
 import org.apache.directory.shared.ldap.exception.LdapInvalidDnException;
@@ -87,63 +87,62 @@ public class DefaultOperationManager imp
     {
         this.directoryService = directoryService;
     }
-    
-    
-    private LdapReferralException buildReferralException( Entry parentEntry, DN childDn ) 
+
+
+    private LdapReferralException buildReferralException( Entry parentEntry, DN childDn )
         throws LdapInvalidDnException, LdapURLEncodingException
     {
         // Get the Ref attributeType
         EntryAttribute refs = parentEntry.get( SchemaConstants.REF_AT );
-        
+
         List<String> urls = new ArrayList<String>();
-        
+
         // manage each Referral, building the correct URL for each of them
-        for ( Value<?> url:refs )
+        for ( Value<?> url : refs )
         {
             // we have to replace the parent by the referral
             LdapURL ldapUrl = new LdapURL( url.getString() );
-            
+
             // We have a problem with the DN : we can't use the UpName,
             // as we may have some spaces around the ',' and '+'.
             // So we have to take the RDN one by one, and create a 
             // new DN with the type and value UP form
-            
-            DN urlDn = (DN)ldapUrl.getDn().addAll( childDn );
-            
+
+            DN urlDn = ( DN ) ldapUrl.getDn().addAll( childDn );
+
             ldapUrl.setDn( urlDn );
             urls.add( ldapUrl.toString() );
         }
-        
+
         // Return with an exception
         LdapReferralException lre = new LdapReferralException( urls );
         lre.setRemainingDn( childDn );
         lre.setResolvedDn( parentEntry.getDn() );
         lre.setResolvedObject( parentEntry );
-        
+
         return lre;
     }
-    
-    
-    private LdapReferralException buildReferralExceptionForSearch( 
-        Entry parentEntry, DN childDn, SearchScope scope ) 
+
+
+    private LdapReferralException buildReferralExceptionForSearch( Entry parentEntry, DN childDn, SearchScope scope )
         throws LdapInvalidDnException, LdapURLEncodingException
     {
         // Get the Ref attributeType
         EntryAttribute refs = parentEntry.get( SchemaConstants.REF_AT );
-        
+
         List<String> urls = new ArrayList<String>();
-        
+
         // manage each Referral, building the correct URL for each of them
-        for ( Value<?> url:refs )
+        for ( Value<?> url : refs )
         {
             // we have to replace the parent by the referral
             try
             {
                 LdapURL ldapUrl = new LdapURL( url.getString() );
-                
+
                 StringBuilder urlString = new StringBuilder();
-    
-                if ( ( ldapUrl.getDn() == null ) || ( ldapUrl.getDn() == DN.EMPTY_DN) )
+
+                if ( ( ldapUrl.getDn() == null ) || ( ldapUrl.getDn() == DN.EMPTY_DN ) )
                 {
                     ldapUrl.setDn( parentEntry.getDn() );
                 }
@@ -153,29 +152,29 @@ public class DefaultOperationManager imp
                     // as we may have some spaces around the ',' and '+'.
                     // So we have to take the RDN one by one, and create a 
                     // new DN with the type and value UP form
-                    
-                    DN urlDn = (DN)ldapUrl.getDn().addAll( childDn );
-                    
+
+                    DN urlDn = ( DN ) ldapUrl.getDn().addAll( childDn );
+
                     ldapUrl.setDn( urlDn );
                 }
-                
+
                 urlString.append( ldapUrl.toString() ).append( "??" );
-                
+
                 switch ( scope )
                 {
-                    case OBJECT :
+                    case OBJECT:
                         urlString.append( "base" );
                         break;
-                        
-                    case SUBTREE :
+
+                    case SUBTREE:
                         urlString.append( "sub" );
                         break;
-                        
-                    case ONELEVEL :
+
+                    case ONELEVEL:
                         urlString.append( "one" );
                         break;
                 }
-                
+
                 urls.add( urlString.toString() );
             }
             catch ( LdapURLEncodingException luee )
@@ -184,13 +183,13 @@ public class DefaultOperationManager imp
                 urls.add( url.getString() );
             }
         }
-        
+
         // Return with an exception
         LdapReferralException lre = new LdapReferralException( urls );
         lre.setRemainingDn( childDn );
         lre.setResolvedDn( parentEntry.getDn() );
         lre.setResolvedObject( parentEntry );
-        
+
         return lre;
     }
 
@@ -198,14 +197,14 @@ public class DefaultOperationManager imp
     private LdapPartialResultException buildLdapPartialResultException( DN childDn )
     {
         LdapPartialResultException lpre = new LdapPartialResultException( I18n.err( I18n.ERR_315 ) );
-        
+
         lpre.setRemainingDn( childDn );
         lpre.setResolvedDn( DN.EMPTY_DN );
-        
+
         return lpre;
     }
-    
-    
+
+
     /**
      * {@inheritDoc}
      */
@@ -213,10 +212,10 @@ public class DefaultOperationManager imp
     {
         LOG.debug( ">> AddOperation : {}", opContext );
         LOG_CHANGES.debug( ">> AddOperation : {}", opContext );
-        
+
         ensureStarted();
         push( opContext );
-        
+
         try
         {
             // Normalize the opContext DN
@@ -229,14 +228,14 @@ public class DefaultOperationManager imp
             if ( directoryService.getReferralManager().hasParentReferral( dn ) )
             {
                 Entry parentEntry = directoryService.getReferralManager().getParentReferral( dn );
-                DN childDn = (DN)dn.getSuffix( parentEntry.getDn().size() );
+                DN childDn = ( DN ) dn.getSuffix( parentEntry.getDn().size() );
 
                 // Depending on the Context.REFERRAL property value, we will throw
                 // a different exception.
                 if ( opContext.isReferralIgnored() )
                 {
                     directoryService.getReferralManager().unlock();
-                    
+
                     LdapPartialResultException exception = buildLdapPartialResultException( childDn );
                     throw exception;
                 }
@@ -244,7 +243,7 @@ public class DefaultOperationManager imp
                 {
                     // Unlock the referral manager
                     directoryService.getReferralManager().unlock();
-                    
+
                     LdapReferralException exception = buildReferralException( parentEntry, childDn );
                     throw exception;
                 }
@@ -275,10 +274,10 @@ public class DefaultOperationManager imp
     public void bind( BindOperationContext opContext ) throws Exception
     {
         LOG.debug( ">> BindOperation : {}", opContext );
-        
+
         ensureStarted();
         push( opContext );
-        
+
         try
         {
             directoryService.getInterceptorChain().bind( opContext );
@@ -298,10 +297,10 @@ public class DefaultOperationManager imp
     public boolean compare( CompareOperationContext opContext ) throws Exception
     {
         LOG.debug( ">> CompareOperation : {}", opContext );
-        
+
         ensureStarted();
         push( opContext );
-        
+
         try
         {
             // Normalize the opContext DN
@@ -313,12 +312,12 @@ public class DefaultOperationManager imp
 
             // Check if we have an ancestor for this DN
             Entry parentEntry = directoryService.getReferralManager().getParentReferral( dn );
-            
+
             if ( parentEntry != null )
             {
                 // We have found a parent referral for the current DN 
-                DN childDn = (DN)dn.getSuffix( parentEntry.getDn().size() );
-    
+                DN childDn = ( DN ) dn.getSuffix( parentEntry.getDn().size() );
+
                 if ( directoryService.getReferralManager().isReferral( dn ) )
                 {
                     // This is a referral. We can delete it if the ManageDsaIt flag is true
@@ -328,7 +327,7 @@ public class DefaultOperationManager imp
                         // Throw a Referral Exception
                         // Unlock the referral manager
                         directoryService.getReferralManager().unlock();
-                        
+
                         LdapReferralException exception = buildReferralException( parentEntry, childDn );
                         throw exception;
                     }
@@ -340,7 +339,7 @@ public class DefaultOperationManager imp
                     if ( opContext.isReferralIgnored() )
                     {
                         directoryService.getReferralManager().unlock();
-                        
+
                         LdapPartialResultException exception = buildLdapPartialResultException( childDn );
                         throw exception;
                     }
@@ -348,7 +347,7 @@ public class DefaultOperationManager imp
                     {
                         // Unlock the referral manager
                         directoryService.getReferralManager().unlock();
-                        
+
                         LdapReferralException exception = buildReferralException( parentEntry, childDn );
                         throw exception;
                     }
@@ -378,10 +377,10 @@ public class DefaultOperationManager imp
     {
         LOG.debug( ">> DeleteOperation : {}", opContext );
         LOG_CHANGES.debug( ">> DeleteOperation : {}", opContext );
-        
+
         ensureStarted();
         push( opContext );
-        
+
         try
         {
             // Normalize the opContext DN
@@ -392,12 +391,12 @@ public class DefaultOperationManager imp
             directoryService.getReferralManager().lockRead();
 
             Entry parentEntry = directoryService.getReferralManager().getParentReferral( dn );
-            
+
             if ( parentEntry != null )
             {
                 // We have found a parent referral for the current DN 
                 DN childDn = dn.getSuffix( parentEntry.getDn().size() );
-    
+
                 if ( directoryService.getReferralManager().isReferral( dn ) )
                 {
                     // This is a referral. We can delete it if the ManageDsaIt flag is true
@@ -407,7 +406,7 @@ public class DefaultOperationManager imp
                         // Throw a Referral Exception
                         // Unlock the referral manager
                         directoryService.getReferralManager().unlock();
-                        
+
                         LdapReferralException exception = buildReferralException( parentEntry, childDn );
                         throw exception;
                     }
@@ -415,13 +414,13 @@ public class DefaultOperationManager imp
                 else if ( directoryService.getReferralManager().hasParentReferral( dn ) )
                 {
                     // We can't delete an entry which has an ancestor referral
-    
+
                     // Depending on the Context.REFERRAL property value, we will throw
                     // a different exception.
                     if ( opContext.isReferralIgnored() )
                     {
                         directoryService.getReferralManager().unlock();
-                        
+
                         LdapPartialResultException exception = buildLdapPartialResultException( childDn );
                         throw exception;
                     }
@@ -429,7 +428,7 @@ public class DefaultOperationManager imp
                     {
                         // Unlock the referral manager
                         directoryService.getReferralManager().unlock();
-                        
+
                         LdapReferralException exception = buildReferralException( parentEntry, childDn );
                         throw exception;
                     }
@@ -459,10 +458,10 @@ public class DefaultOperationManager imp
     public DN getMatchedName( GetMatchedNameOperationContext opContext ) throws Exception
     {
         LOG.debug( ">> GetMatchedNameOperation : {}", opContext );
-        
+
         ensureStarted();
         push( opContext );
-        
+
         try
         {
             return directoryService.getInterceptorChain().getMatchedName( opContext );
@@ -479,14 +478,13 @@ public class DefaultOperationManager imp
     /**
      * {@inheritDoc}
      */
-    public ClonedServerEntry getRootDSE( GetRootDSEOperationContext opContext ) 
-        throws Exception
+    public ClonedServerEntry getRootDSE( GetRootDSEOperationContext opContext ) throws Exception
     {
         LOG.debug( ">> GetRootDSEOperation : {}", opContext );
-        
+
         ensureStarted();
         push( opContext );
-        
+
         try
         {
             InterceptorChain chain = directoryService.getInterceptorChain();
@@ -507,10 +505,10 @@ public class DefaultOperationManager imp
     public DN getSuffix( GetSuffixOperationContext opContext ) throws Exception
     {
         LOG.debug( ">> GetSuffixOperation : {}", opContext );
-        
+
         ensureStarted();
         push( opContext );
-        
+
         try
         {
             return directoryService.getInterceptorChain().getSuffix( opContext );
@@ -530,10 +528,10 @@ public class DefaultOperationManager imp
     public boolean hasEntry( EntryOperationContext opContext ) throws Exception
     {
         LOG.debug( ">> hasEntryOperation : {}", opContext );
-        
+
         ensureStarted();
         push( opContext );
-        
+
         try
         {
             return directoryService.getInterceptorChain().hasEntry( opContext );
@@ -553,10 +551,10 @@ public class DefaultOperationManager imp
     public EntryFilteringCursor list( ListOperationContext opContext ) throws Exception
     {
         LOG.debug( ">> ListOperation : {}", opContext );
-        
+
         ensureStarted();
         push( opContext );
-        
+
         try
         {
             return directoryService.getInterceptorChain().list( opContext );
@@ -573,14 +571,13 @@ public class DefaultOperationManager imp
     /**
      * {@inheritDoc}
      */
-    public Set<String> listSuffixes( ListSuffixOperationContext opContext ) 
-        throws Exception
+    public Set<String> listSuffixes( ListSuffixOperationContext opContext ) throws Exception
     {
         LOG.debug( ">> ListSuffixesOperation : {}", opContext );
-        
+
         ensureStarted();
         push( opContext );
-        
+
         try
         {
             return directoryService.getInterceptorChain().listSuffixes( opContext );
@@ -600,10 +597,10 @@ public class DefaultOperationManager imp
     public Entry lookup( LookupOperationContext opContext ) throws Exception
     {
         LOG.debug( ">> LookupOperation : {}", opContext );
-        
+
         ensureStarted();
         push( opContext );
-        
+
         try
         {
             InterceptorChain chain = directoryService.getInterceptorChain();
@@ -625,28 +622,27 @@ public class DefaultOperationManager imp
     {
         LOG.debug( ">> ModifyOperation : {}", opContext );
         LOG_CHANGES.debug( ">> ModifyOperation : {}", opContext );
-        
+
         ensureStarted();
         push( opContext );
-        
+
         try
         {
             // Normalize the opContext DN
             DN dn = opContext.getDn();
             dn.normalize( directoryService.getSchemaManager().getNormalizerMapping() );
 
+            ReferralManager referralManager = directoryService.getReferralManager();
+
             // We have to deal with the referral first
-            directoryService.getReferralManager().lockRead();
+            referralManager.lockRead();
 
             // Check if we have an ancestor for this DN
-            Entry parentEntry = directoryService.getReferralManager().getParentReferral( dn );
-            
+            Entry parentEntry = referralManager.getParentReferral( dn );
+
             if ( parentEntry != null )
             {
-                // We have found a parent referral for the current DN 
-                DN childDn = (DN)dn.getSuffix( parentEntry.getDn().size() );
-    
-                if ( directoryService.getReferralManager().isReferral( dn ) )
+                if ( referralManager.isReferral( dn ) )
                 {
                     // This is a referral. We can delete it if the ManageDsaIt flag is true
                     // Otherwise, we just throw a LdapReferralException
@@ -654,30 +650,39 @@ public class DefaultOperationManager imp
                     {
                         // Throw a Referral Exception
                         // Unlock the referral manager
-                        directoryService.getReferralManager().unlock();
-                        
+                        referralManager.unlock();
+
+                        // We have found a parent referral for the current DN 
+                        DN childDn = dn.getSuffix( parentEntry.getDn().size() );
+
                         LdapReferralException exception = buildReferralException( parentEntry, childDn );
                         throw exception;
                     }
                 }
-                else if ( directoryService.getReferralManager().hasParentReferral( dn ) )
+                else if ( referralManager.hasParentReferral( dn ) )
                 {
                     // We can't delete an entry which has an ancestor referral
-    
+
                     // Depending on the Context.REFERRAL property value, we will throw
                     // a different exception.
                     if ( opContext.isReferralIgnored() )
                     {
-                        directoryService.getReferralManager().unlock();
-                        
+                        referralManager.unlock();
+
+                        // We have found a parent referral for the current DN 
+                        DN childDn = dn.getSuffix( parentEntry.getDn().size() );
+
                         LdapPartialResultException exception = buildLdapPartialResultException( childDn );
                         throw exception;
                     }
                     else
                     {
                         // Unlock the referral manager
-                        directoryService.getReferralManager().unlock();
-                        
+                        referralManager.unlock();
+
+                        // We have found a parent referral for the current DN 
+                        DN childDn = dn.getSuffix( parentEntry.getDn().size() );
+
                         LdapReferralException exception = buildReferralException( parentEntry, childDn );
                         throw exception;
                     }
@@ -685,7 +690,7 @@ public class DefaultOperationManager imp
             }
 
             // Unlock the ReferralManager
-            directoryService.getReferralManager().unlock();
+            referralManager.unlock();
 
             // Call the Add method
             InterceptorChain interceptorChain = directoryService.getInterceptorChain();
@@ -708,10 +713,10 @@ public class DefaultOperationManager imp
     {
         LOG.debug( ">> MoveOperation : {}", opContext );
         LOG_CHANGES.debug( ">> MoveOperation : {}", opContext );
-        
+
         ensureStarted();
         push( opContext );
-        
+
         try
         {
             // Normalize the opContext DN
@@ -723,12 +728,12 @@ public class DefaultOperationManager imp
 
             // Check if we have an ancestor for this DN
             Entry parentEntry = directoryService.getReferralManager().getParentReferral( dn );
-            
+
             if ( parentEntry != null )
             {
                 // We have found a parent referral for the current DN 
-                DN childDn = (DN)dn.getSuffix( parentEntry.getDn().size() );
-    
+                DN childDn = ( DN ) dn.getSuffix( parentEntry.getDn().size() );
+
                 if ( directoryService.getReferralManager().isReferral( dn ) )
                 {
                     // This is a referral. We can delete it if the ManageDsaIt flag is true
@@ -738,7 +743,7 @@ public class DefaultOperationManager imp
                         // Throw a Referral Exception
                         // Unlock the referral manager
                         directoryService.getReferralManager().unlock();
-                        
+
                         LdapReferralException exception = buildReferralException( parentEntry, childDn );
                         throw exception;
                     }
@@ -746,13 +751,13 @@ public class DefaultOperationManager imp
                 else if ( directoryService.getReferralManager().hasParentReferral( dn ) )
                 {
                     // We can't delete an entry which has an ancestor referral
-    
+
                     // Depending on the Context.REFERRAL property value, we will throw
                     // a different exception.
                     if ( opContext.isReferralIgnored() )
                     {
                         directoryService.getReferralManager().unlock();
-                        
+
                         LdapPartialResultException exception = buildLdapPartialResultException( childDn );
                         throw exception;
                     }
@@ -760,13 +765,13 @@ public class DefaultOperationManager imp
                     {
                         // Unlock the referral manager
                         directoryService.getReferralManager().unlock();
-                        
+
                         LdapReferralException exception = buildReferralException( parentEntry, childDn );
                         throw exception;
                     }
                 }
             }
-            
+
             // Now, check the destination
             // Normalize the opContext DN
             DN parentDn = opContext.getParent();
@@ -774,15 +779,15 @@ public class DefaultOperationManager imp
 
             // If he parent DN is a referral, or has a referral ancestor, we have to issue a AffectMultipleDsas result
             // as stated by RFC 3296 Section 5.6.2
-            if ( directoryService.getReferralManager().isReferral( parentDn ) ||
-                 directoryService.getReferralManager().hasParentReferral( parentDn ) )
+            if ( directoryService.getReferralManager().isReferral( parentDn )
+                || directoryService.getReferralManager().hasParentReferral( parentDn ) )
             {
                 // Unlock the referral manager
                 directoryService.getReferralManager().unlock();
 
                 LdapAffectMultipleDsaException exception = new LdapAffectMultipleDsaException();
                 //exception.setRemainingName( dn );
-                
+
                 throw exception;
             }
 
@@ -810,10 +815,10 @@ public class DefaultOperationManager imp
     {
         LOG.debug( ">> MoveAndRenameOperation : {}", opContext );
         LOG_CHANGES.debug( ">> MoveAndRenameOperation : {}", opContext );
-        
+
         ensureStarted();
         push( opContext );
-        
+
         try
         {
             // Normalize the opContext DN
@@ -825,12 +830,12 @@ public class DefaultOperationManager imp
 
             // Check if we have an ancestor for this DN
             Entry parentEntry = directoryService.getReferralManager().getParentReferral( dn );
-            
+
             if ( parentEntry != null )
             {
                 // We have found a parent referral for the current DN 
-                DN childDn = (DN)dn.getSuffix( parentEntry.getDn().size() );
-    
+                DN childDn = ( DN ) dn.getSuffix( parentEntry.getDn().size() );
+
                 if ( directoryService.getReferralManager().isReferral( dn ) )
                 {
                     // This is a referral. We can delete it if the ManageDsaIt flag is true
@@ -840,7 +845,7 @@ public class DefaultOperationManager imp
                         // Throw a Referral Exception
                         // Unlock the referral manager
                         directoryService.getReferralManager().unlock();
-                        
+
                         LdapReferralException exception = buildReferralException( parentEntry, childDn );
                         throw exception;
                     }
@@ -848,13 +853,13 @@ public class DefaultOperationManager imp
                 else if ( directoryService.getReferralManager().hasParentReferral( dn ) )
                 {
                     // We can't delete an entry which has an ancestor referral
-    
+
                     // Depending on the Context.REFERRAL property value, we will throw
                     // a different exception.
                     if ( opContext.isReferralIgnored() )
                     {
                         directoryService.getReferralManager().unlock();
-                        
+
                         LdapPartialResultException exception = buildLdapPartialResultException( childDn );
                         throw exception;
                     }
@@ -862,13 +867,13 @@ public class DefaultOperationManager imp
                     {
                         // Unlock the referral manager
                         directoryService.getReferralManager().unlock();
-                        
+
                         LdapReferralException exception = buildReferralException( parentEntry, childDn );
                         throw exception;
                     }
                 }
             }
-            
+
             // Now, check the destination
             // Normalize the opContext DN
             DN parentDn = opContext.getParent();
@@ -876,8 +881,8 @@ public class DefaultOperationManager imp
 
             // If he parent DN is a referral, or has a referral ancestor, we have to issue a AffectMultipleDsas result
             // as stated by RFC 3296 Section 5.6.2
-            if ( directoryService.getReferralManager().isReferral( parentDn ) ||
-                 directoryService.getReferralManager().hasParentReferral( parentDn ) )
+            if ( directoryService.getReferralManager().isReferral( parentDn )
+                || directoryService.getReferralManager().hasParentReferral( parentDn ) )
             {
                 // Unlock the referral manager
                 directoryService.getReferralManager().unlock();
@@ -886,10 +891,10 @@ public class DefaultOperationManager imp
                 // as stated by RFC 3296 Section 5.6.2
                 LdapAffectMultipleDsaException exception = new LdapAffectMultipleDsaException();
                 //exception.setRemainingName( dn );
-                
+
                 throw exception;
             }
-            
+
             // Unlock the ReferralManager
             directoryService.getReferralManager().unlock();
 
@@ -914,10 +919,10 @@ public class DefaultOperationManager imp
     {
         LOG.debug( ">> RenameOperation : {}", opContext );
         LOG_CHANGES.debug( ">> RenameOperation : {}", opContext );
-        
+
         ensureStarted();
         push( opContext );
-        
+
         try
         {
             // Normalize the opContext DN
@@ -928,23 +933,23 @@ public class DefaultOperationManager imp
             // Inject the new DN into the context
             if ( !dn.isEmpty() )
             {
-                DN newDn = (DN)dn.clone();
+                DN newDn = ( DN ) dn.clone();
                 newDn.remove( dn.size() - 1 );
                 newDn.add( opContext.getNewRdn() );
                 opContext.setNewDn( newDn );
             }
-            
+
             // We have to deal with the referral first
             directoryService.getReferralManager().lockRead();
 
             // Check if we have an ancestor for this DN
             Entry parentEntry = directoryService.getReferralManager().getParentReferral( dn );
-            
+
             if ( parentEntry != null )
             {
                 // We have found a parent referral for the current DN 
-                DN childDn = (DN)dn.getSuffix( parentEntry.getDn().size() );
-    
+                DN childDn = ( DN ) dn.getSuffix( parentEntry.getDn().size() );
+
                 if ( directoryService.getReferralManager().isReferral( dn ) )
                 {
                     // This is a referral. We can delete it if the ManageDsaIt flag is true
@@ -954,7 +959,7 @@ public class DefaultOperationManager imp
                         // Throw a Referral Exception
                         // Unlock the referral manager
                         directoryService.getReferralManager().unlock();
-                        
+
                         LdapReferralException exception = buildReferralException( parentEntry, childDn );
                         throw exception;
                     }
@@ -962,13 +967,13 @@ public class DefaultOperationManager imp
                 else if ( directoryService.getReferralManager().hasParentReferral( dn ) )
                 {
                     // We can't delete an entry which has an ancestor referral
-    
+
                     // Depending on the Context.REFERRAL property value, we will throw
                     // a different exception.
                     if ( opContext.isReferralIgnored() )
                     {
                         directoryService.getReferralManager().unlock();
-                        
+
                         LdapPartialResultException exception = buildLdapPartialResultException( childDn );
                         throw exception;
                     }
@@ -976,7 +981,7 @@ public class DefaultOperationManager imp
                     {
                         // Unlock the referral manager
                         directoryService.getReferralManager().unlock();
-                        
+
                         LdapReferralException exception = buildReferralException( parentEntry, childDn );
                         throw exception;
                     }
@@ -1006,10 +1011,10 @@ public class DefaultOperationManager imp
     public EntryFilteringCursor search( SearchOperationContext opContext ) throws Exception
     {
         LOG.debug( ">> SearchOperation : {}", opContext );
-        
+
         ensureStarted();
         push( opContext );
-        
+
         try
         {
             // Normalize the opContext DN
@@ -1021,12 +1026,12 @@ public class DefaultOperationManager imp
 
             // Check if we have an ancestor for this DN
             Entry parentEntry = directoryService.getReferralManager().getParentReferral( dn );
-            
+
             if ( parentEntry != null )
             {
                 // We have found a parent referral for the current DN 
-                DN childDn = (DN)dn.getSuffix( parentEntry.getDn().size() );
-    
+                DN childDn = ( DN ) dn.getSuffix( parentEntry.getDn().size() );
+
                 if ( directoryService.getReferralManager().isReferral( dn ) )
                 {
                     // This is a referral. We can return it if the ManageDsaIt flag is true
@@ -1036,21 +1041,22 @@ public class DefaultOperationManager imp
                         // Throw a Referral Exception
                         // Unlock the referral manager
                         directoryService.getReferralManager().unlock();
-                        
-                        LdapReferralException exception = buildReferralExceptionForSearch( parentEntry, childDn, opContext.getScope() );
+
+                        LdapReferralException exception = buildReferralExceptionForSearch( parentEntry, childDn,
+                            opContext.getScope() );
                         throw exception;
                     }
                 }
                 else if ( directoryService.getReferralManager().hasParentReferral( dn ) )
                 {
                     // We can't search an entry which has an ancestor referral
-    
+
                     // Depending on the Context.REFERRAL property value, we will throw
                     // a different exception.
                     if ( opContext.isReferralIgnored() )
                     {
                         directoryService.getReferralManager().unlock();
-                        
+
                         LdapPartialResultException exception = buildLdapPartialResultException( childDn );
                         throw exception;
                     }
@@ -1058,8 +1064,9 @@ public class DefaultOperationManager imp
                     {
                         // Unlock the referral manager
                         directoryService.getReferralManager().unlock();
-                        
-                        LdapReferralException exception = buildReferralExceptionForSearch( parentEntry, childDn, opContext.getScope() );
+
+                        LdapReferralException exception = buildReferralExceptionForSearch( parentEntry, childDn,
+                            opContext.getScope() );
                         throw exception;
                     }
                 }
@@ -1087,10 +1094,10 @@ public class DefaultOperationManager imp
     public void unbind( UnbindOperationContext opContext ) throws Exception
     {
         LOG.debug( ">> UnbindOperation : {}", opContext );
-        
+
         ensureStarted();
         push( opContext );
-        
+
         try
         {
             directoryService.getInterceptorChain().unbind( opContext );
@@ -1106,14 +1113,14 @@ public class DefaultOperationManager imp
 
     private void ensureStarted() throws LdapServiceUnavailableException
     {
-        if ( ! directoryService.isStarted() )
+        if ( !directoryService.isStarted() )
         {
             throw new LdapServiceUnavailableException( ResultCodeEnum.UNAVAILABLE, I18n.err( I18n.ERR_316 ) );
         }
     }
-    
-    
-    private void pop() 
+
+
+    private void pop()
     {
         // TODO - need to remove Context caller and PartitionNexusProxy from Invocations
         InvocationStack stack = InvocationStack.getInstance();

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java?rev=949396&r1=949395&r2=949396&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java Sat May 29 14:30:37 2010
@@ -66,9 +66,9 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.aci.MicroOperation;
 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
 import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.entry.Entry;
 import org.apache.directory.shared.ldap.entry.EntryAttribute;
 import org.apache.directory.shared.ldap.entry.Modification;
-import org.apache.directory.shared.ldap.entry.Entry;
 import org.apache.directory.shared.ldap.entry.Value;
 import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
 import org.apache.directory.shared.ldap.exception.LdapOperationErrorException;
@@ -150,22 +150,22 @@ public class AciAuthorizationInterceptor
 
     /** a tupleCache that responds to add, delete, and modify attempts */
     private TupleCache tupleCache;
-    
+
     /** a groupCache that responds to add, delete, and modify attempts */
     private GroupCache groupCache;
-    
+
     /** a normalizing ACIItem parser */
     private ACIItemParser aciParser;
-    
+
     /** use and instance of the ACDF engine */
     private ACDFEngine engine;
-    
+
     /** interceptor chain */
     private InterceptorChain chain;
-    
+
     /** Global registries */
     private SchemaManager schemaManager;
-    
+
     /** the system wide subschemaSubentryDn */
     private String subschemaSubentryDn;
 
@@ -179,9 +179,10 @@ public class AciAuthorizationInterceptor
 
     /** the subentry ACI attribute type */
     private AttributeType subentryAciType;
-    
+
     public static final SearchControls DEFAULT_SEARCH_CONTROLS = new SearchControls();
 
+
     /**
      * Initializes this interceptor based service by getting a handle on the nexus, setting up
      * the tupe and group membership caches and the ACIItem parser and the ACDF engine.
@@ -195,31 +196,31 @@ public class AciAuthorizationInterceptor
 
         DN adminDn = new DN( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
         adminDn.normalize( directoryService.getSchemaManager().getNormalizerMapping() );
-        CoreSession adminSession = new DefaultCoreSession( 
-            new LdapPrincipal( adminDn, AuthenticationLevel.STRONG ), directoryService );
+        CoreSession adminSession = new DefaultCoreSession( new LdapPrincipal( adminDn, AuthenticationLevel.STRONG ),
+            directoryService );
 
         tupleCache = new TupleCache( adminSession );
         groupCache = new GroupCache( adminSession );
         schemaManager = directoryService.getSchemaManager();
         //ocRegistry = registries.getObjectClassRegistry();
-        
+
         // look up some constant information
         String objectClassOid = schemaManager.getAttributeTypeRegistry().getOidByName( SchemaConstants.OBJECT_CLASS_AT );
         subentryOid = schemaManager.getObjectClassRegistry().getOidByName( SchemaConstants.SUBENTRY_OC );
         String acSubentryOid = schemaManager.getAttributeTypeRegistry().getOidByName( AC_SUBENTRY_ATTR );
         objectClassType = schemaManager.lookupAttributeTypeRegistry( objectClassOid );
         acSubentryType = schemaManager.lookupAttributeTypeRegistry( acSubentryOid );
-        entryAciType = schemaManager.lookupAttributeTypeRegistry( SchemaConstants.ENTRY_ACI_AT_OID ); 
+        entryAciType = schemaManager.lookupAttributeTypeRegistry( SchemaConstants.ENTRY_ACI_AT_OID );
         subentryAciType = schemaManager.lookupAttributeTypeRegistry( SchemaConstants.SUBENTRY_ACI_AT_OID );
-        
-        aciParser = new ACIItemParser( new ConcreteNameComponentNormalizer( schemaManager ), schemaManager.getNormalizerMapping() );
+
+        aciParser = new ACIItemParser( new ConcreteNameComponentNormalizer( schemaManager ), schemaManager
+            .getNormalizerMapping() );
         engine = new ACDFEngine( schemaManager.getGlobalOidRegistry(), schemaManager );
         chain = directoryService.getInterceptorChain();
 
         // stuff for dealing with subentries (garbage for now)
-        Value<?> subschemaSubentry = 
-            directoryService.getPartitionNexus().getRootDSE( null ).
-                get( SchemaConstants.SUBSCHEMA_SUBENTRY_AT ).get();
+        Value<?> subschemaSubentry = directoryService.getPartitionNexus().getRootDSE( null ).get(
+            SchemaConstants.SUBSCHEMA_SUBENTRY_AT ).get();
         DN subschemaSubentryDnName = new DN( subschemaSubentry.getString() );
         subschemaSubentryDnName.normalize( schemaManager.getNormalizerMapping() );
         subschemaSubentryDn = subschemaSubentryDnName.getNormName();
@@ -260,20 +261,20 @@ public class AciAuthorizationInterceptor
      * @throws Exception if there are problems accessing attribute values
      * @param proxy the partition nexus proxy object
      */
-    private void addPerscriptiveAciTuples( OperationContext opContext, Collection<ACITuple> tuples, DN dn,
-        Entry entry ) throws Exception
+    private void addPerscriptiveAciTuples( OperationContext opContext, Collection<ACITuple> tuples, DN dn, Entry entry )
+        throws Exception
     {
         EntryAttribute oc = null;
-        
+
         if ( entry instanceof ClonedServerEntry )
         {
-            oc = ((ClonedServerEntry)entry).getOriginalEntry().get( objectClassType );
+            oc = ( ( ClonedServerEntry ) entry ).getOriginalEntry().get( objectClassType );
         }
         else
         {
             oc = entry.get( objectClassType );
         }
-        
+
         /*
          * If the protected entry is a subentry, then the entry being evaluated
          * for perscriptiveACIs is in fact the administrative entry.  By
@@ -291,13 +292,13 @@ public class AciAuthorizationInterceptor
         }
 
         EntryAttribute subentries = entry.get( acSubentryType );
-        
+
         if ( subentries == null )
         {
             return;
         }
-        
-        for ( Value<?> value:subentries )
+
+        for ( Value<?> value : subentries )
         {
             String subentryDn = value.getString();
             tuples.addAll( tupleCache.getACITuples( subentryDn ) );
@@ -316,13 +317,13 @@ public class AciAuthorizationInterceptor
     private void addEntryAciTuples( Collection<ACITuple> tuples, Entry entry ) throws Exception
     {
         EntryAttribute entryAci = entry.get( entryAciType );
-        
+
         if ( entryAci == null )
         {
             return;
         }
 
-        for ( Value<?> value:entryAci )
+        for ( Value<?> value : entryAci )
         {
             String aciString = value.getString();
             ACIItem item;
@@ -366,8 +367,9 @@ public class AciAuthorizationInterceptor
         // will contain the subentryACI attributes that effect subentries
         DN parentDn = ( DN ) dn.clone();
         parentDn.remove( dn.size() - 1 );
-        Entry administrativeEntry = ((ClonedServerEntry)opContext.lookup( parentDn, ByPassConstants.LOOKUP_BYPASS )).getOriginalEntry();
-        
+        Entry administrativeEntry = ( ( ClonedServerEntry ) opContext.lookup( parentDn, ByPassConstants.LOOKUP_BYPASS ) )
+            .getOriginalEntry();
+
         EntryAttribute subentryAci = administrativeEntry.get( subentryAciType );
 
         if ( subentryAci == null )
@@ -375,7 +377,7 @@ public class AciAuthorizationInterceptor
             return;
         }
 
-        for ( Value<?> value:subentryAci )
+        for ( Value<?> value : subentryAci )
         {
             String aciString = value.getString();
             ACIItem item;
@@ -422,8 +424,8 @@ public class AciAuthorizationInterceptor
         // Access the principal requesting the operation, and bypass checks if it is the admin
         LdapPrincipal principal = addContext.getSession().getEffectivePrincipal();
         DN principalDn = principal.getDN();
-        
-        Entry serverEntry = addContext.getEntry(); 
+
+        Entry serverEntry = addContext.getEntry();
         //Attributes entry = ServerEntryUtils.toAttributesImpl( serverEntry );
 
         DN name = addContext.getDn();
@@ -445,10 +447,11 @@ public class AciAuthorizationInterceptor
         }
 
         // perform checks below here for all non-admin users
-        SubentryInterceptor subentryInterceptor = ( SubentryInterceptor ) chain.get( SubentryInterceptor.class.getName() );
+        SubentryInterceptor subentryInterceptor = ( SubentryInterceptor ) chain.get( SubentryInterceptor.class
+            .getName() );
         Entry subentryAttrs = subentryInterceptor.getSubentryAttributes( name, serverEntry );
-        
-        for ( EntryAttribute attribute:serverEntry )
+
+        for ( EntryAttribute attribute : serverEntry )
         {
             subentryAttrs.put( attribute );
         }
@@ -463,17 +466,16 @@ public class AciAuthorizationInterceptor
         addSubentryAciTuples( addContext, tuples, name, subentryAttrs );
 
         // check if entry scope permission is granted
-        engine.checkPermission( schemaManager, addContext, userGroups, principalDn, principal.getAuthenticationLevel(), name, null, null,
-            ADD_PERMS, tuples, subentryAttrs, null );
+        engine.checkPermission( schemaManager, addContext, userGroups, principalDn, principal.getAuthenticationLevel(),
+            name, null, null, ADD_PERMS, tuples, subentryAttrs, null );
 
         // now we must check if attribute type and value scope permission is granted
-        for ( EntryAttribute attribute:serverEntry )
+        for ( EntryAttribute attribute : serverEntry )
         {
-            for ( Value<?> value:attribute )
+            for ( Value<?> value : attribute )
             {
-                engine.checkPermission( schemaManager, addContext, userGroups, principalDn, 
-                    principal.getAuthenticationLevel(), name, attribute.getUpId(), value, 
-                    ADD_PERMS, tuples, serverEntry, null );
+                engine.checkPermission( schemaManager, addContext, userGroups, principalDn, principal
+                    .getAuthenticationLevel(), name, attribute.getUpId(), value, ADD_PERMS, tuples, serverEntry, null );
             }
         }
 
@@ -496,9 +498,9 @@ public class AciAuthorizationInterceptor
     public void delete( NextInterceptor next, DeleteOperationContext deleteContext ) throws Exception
     {
         CoreSession session = deleteContext.getSession();
-        
+
         // bypass authz code if we are disabled
-        if ( ! session.getDirectoryService().isAccessControlEnabled() )
+        if ( !session.getDirectoryService().isAccessControlEnabled() )
         {
             next.delete( deleteContext );
             return;
@@ -516,24 +518,24 @@ public class AciAuthorizationInterceptor
         if ( isPrincipalAnAdministrator( principalDn ) )
         {
             next.delete( deleteContext );
-            
+
             tupleCache.subentryDeleted( dn, entry );
             groupCache.groupDeleted( dn, entry );
-            
+
             return;
         }
 
         Set<DN> userGroups = groupCache.getGroups( principalDn.getNormName() );
         Collection<ACITuple> tuples = new HashSet<ACITuple>();
-        addPerscriptiveAciTuples( deleteContext, tuples, dn, ((ClonedServerEntry)entry).getOriginalEntry() );
+        addPerscriptiveAciTuples( deleteContext, tuples, dn, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( deleteContext, tuples, dn, entry );
 
-        engine.checkPermission( schemaManager, deleteContext, userGroups, principalDn, 
-            principal.getAuthenticationLevel(), dn, null, null, REMOVE_PERMS, tuples, entry, null );
+        engine.checkPermission( schemaManager, deleteContext, userGroups, principalDn, principal
+            .getAuthenticationLevel(), dn, null, null, REMOVE_PERMS, tuples, entry, null );
 
         next.delete( deleteContext );
-        
+
         tupleCache.subentryDeleted( dn, entry );
         groupCache.groupDeleted( dn, entry );
     }
@@ -547,7 +549,8 @@ public class AciAuthorizationInterceptor
 
         // Access the principal requesting the operation, and bypass checks if it is the admin
         Entry entry = opContext.lookup( name, ByPassConstants.LOOKUP_BYPASS );
-        
+        //         Entry entry = opContext.getEntry();
+
         LdapPrincipal principal = opContext.getSession().getEffectivePrincipal();
         DN principalDn = principal.getDN();
 
@@ -575,37 +578,36 @@ public class AciAuthorizationInterceptor
 
         Set<DN> userGroups = groupCache.getGroups( principalDn.getName() );
         Collection<ACITuple> tuples = new HashSet<ACITuple>();
-        addPerscriptiveAciTuples( opContext, tuples, name, ((ClonedServerEntry)entry).getOriginalEntry() );
+        addPerscriptiveAciTuples( opContext, tuples, name, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( opContext, tuples, name, entry );
 
-        engine.checkPermission( schemaManager, opContext, userGroups, principalDn, 
-            principal.getAuthenticationLevel(), name, null, null, 
-            Collections.singleton( MicroOperation.MODIFY ), tuples, entry, null );
+        engine.checkPermission( schemaManager, opContext, userGroups, principalDn, principal.getAuthenticationLevel(),
+            name, null, null, Collections.singleton( MicroOperation.MODIFY ), tuples, entry, null );
 
         Collection<MicroOperation> perms = null;
         Entry entryView = ( Entry ) entry.clone();
-        
+
         for ( Modification mod : mods )
         {
             EntryAttribute attr = mod.getAttribute();
 
             switch ( mod.getOperation() )
             {
-                case ADD_ATTRIBUTE :
+                case ADD_ATTRIBUTE:
                     perms = ADD_PERMS;
-                
+
                     // If the attribute is being created with an initial value ...
                     if ( entry.get( attr.getId() ) == null )
                     {
                         // ... we also need to check if adding the attribute is permitted
-                        engine.checkPermission( schemaManager, opContext, userGroups, principalDn, principal.getAuthenticationLevel(), name,
-                                attr.getId(), null, perms, tuples, entry, null );
+                        engine.checkPermission( schemaManager, opContext, userGroups, principalDn, principal
+                            .getAuthenticationLevel(), name, attr.getId(), null, perms, tuples, entry, null );
                     }
-                    
+
                     break;
 
-                case REMOVE_ATTRIBUTE :
+                case REMOVE_ATTRIBUTE:
                     perms = REMOVE_PERMS;
                     EntryAttribute entryAttr = entry.get( attr.getId() );
 
@@ -615,15 +617,14 @@ public class AciAuthorizationInterceptor
                         if ( entryAttr.size() == 1 )
                         {
                             // ... we also need to check if removing the attribute at all is permitted
-                            engine.checkPermission( schemaManager, opContext, userGroups, principalDn, 
-                                principal.getAuthenticationLevel(), name, attr.getId(), 
-                                null, perms, tuples, entry, null );
+                            engine.checkPermission( schemaManager, opContext, userGroups, principalDn, principal
+                                .getAuthenticationLevel(), name, attr.getId(), null, perms, tuples, entry, null );
                         }
                     }
-                    
+
                     break;
 
-                case REPLACE_ATTRIBUTE :
+                case REPLACE_ATTRIBUTE:
                     perms = REPLACE_PERMS;
                     break;
             }
@@ -642,17 +643,14 @@ public class AciAuthorizationInterceptor
              * attribute is being checked for relevant permissions below. 
              */
             entryView = ServerEntryUtils.getTargetEntry( mod, entryView, schemaManager );
-            
-            for ( Value<?> value:attr )
-            {                
-                engine.checkPermission( schemaManager, opContext, userGroups, principalDn, 
-                    principal.getAuthenticationLevel(), name, attr.getId(), value, 
-                    perms, tuples, entry, entryView );
+
+            for ( Value<?> value : attr )
+            {
+                engine.checkPermission( schemaManager, opContext, userGroups, principalDn, principal
+                    .getAuthenticationLevel(), name, attr.getId(), value, perms, tuples, entry, entryView );
             }
         }
 
-        
-
         next.modify( opContext );
         /**
          * @TODO: A virtual entry can be created here for not hitting the backend again.
@@ -662,16 +660,16 @@ public class AciAuthorizationInterceptor
         groupCache.groupModified( name, mods, entry, schemaManager );
     }
 
-    
+
     public boolean hasEntry( NextInterceptor next, EntryOperationContext entryContext ) throws Exception
     {
         DN name = entryContext.getDn();
-        
-        if ( ! entryContext.getSession().getDirectoryService().isAccessControlEnabled() )
+
+        if ( !entryContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             return name.size() == 0 || next.hasEntry( entryContext );
         }
-        
+
         boolean answer = next.hasEntry( entryContext );
 
         // no checks on the RootDSE
@@ -681,7 +679,7 @@ public class AciAuthorizationInterceptor
             // It's the rootDSE, and it exists ! 
             return answer;
         }
-        
+
         // TODO - eventually replace this with a check on session.isAnAdministrator()
         LdapPrincipal principal = entryContext.getSession().getEffectivePrincipal();
         DN principalDn = principal.getDN();
@@ -693,14 +691,14 @@ public class AciAuthorizationInterceptor
         Entry entry = entryContext.lookup( name, ByPassConstants.HAS_ENTRY_BYPASS );
         Set<DN> userGroups = groupCache.getGroups( principalDn.getNormName() );
         Collection<ACITuple> tuples = new HashSet<ACITuple>();
-        addPerscriptiveAciTuples( entryContext, tuples, name, ((ClonedServerEntry)entry).getOriginalEntry() );
-        addEntryAciTuples( tuples, ((ClonedServerEntry)entry).getOriginalEntry() );
-        addSubentryAciTuples( entryContext, tuples, name, ((ClonedServerEntry)entry).getOriginalEntry() );
+        addPerscriptiveAciTuples( entryContext, tuples, name, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
+        addEntryAciTuples( tuples, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
+        addSubentryAciTuples( entryContext, tuples, name, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
 
         // check that we have browse access to the entry
-        engine.checkPermission( schemaManager, entryContext, userGroups, principalDn, 
-            principal.getAuthenticationLevel(), name, null, null,
-            BROWSE_PERMS, tuples, ((ClonedServerEntry)entry).getOriginalEntry(), null );
+        engine.checkPermission( schemaManager, entryContext, userGroups, principalDn, principal
+            .getAuthenticationLevel(), name, null, null, BROWSE_PERMS, tuples, ( ( ClonedServerEntry ) entry )
+            .getOriginalEntry(), null );
 
         return next.hasEntry( entryContext );
     }
@@ -738,29 +736,18 @@ public class AciAuthorizationInterceptor
         addSubentryAciTuples( lookupContext, tuples, lookupContext.getDn(), entry );
 
         // check that we have read access to the entry
-        engine.checkPermission( schemaManager, lookupContext, userGroups, userName, principal.getAuthenticationLevel(), 
-            lookupContext.getDn(), null, null,
-            LOOKUP_PERMS, tuples, entry, null );
+        engine.checkPermission( schemaManager, lookupContext, userGroups, userName, principal.getAuthenticationLevel(),
+            lookupContext.getDn(), null, null, LOOKUP_PERMS, tuples, entry, null );
 
         // check that we have read access to every attribute type and value
-        for ( EntryAttribute attribute:entry )
+        for ( EntryAttribute attribute : entry )
         {
-            
-            for ( Value<?> value:attribute )
+
+            for ( Value<?> value : attribute )
             {
-                engine.checkPermission( 
-                    schemaManager, 
-                    lookupContext, 
-                    userGroups, 
-                    userName, 
-                    principal.getAuthenticationLevel(), 
-                    lookupContext.getDn(), 
-                    attribute.getUpId(), 
-                    value, 
-                    READ_PERMS, 
-                    tuples, 
-                    entry, 
-                    null );
+                engine.checkPermission( schemaManager, lookupContext, userGroups, userName, principal
+                    .getAuthenticationLevel(), lookupContext.getDn(), attribute.getUpId(), value, READ_PERMS, tuples,
+                    entry, null );
             }
         }
     }
@@ -770,15 +757,15 @@ public class AciAuthorizationInterceptor
     {
         CoreSession session = lookupContext.getSession();
         DirectoryService directoryService = session.getDirectoryService();
-        
+
         LdapPrincipal principal = session.getEffectivePrincipal();
         DN principalDn = principal.getDN();
-        
+
         if ( !principalDn.isNormalized() )
         {
             principalDn.normalize( schemaManager.getNormalizerMapping() );
         }
-        
+
         if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
         {
             return next.lookup( lookupContext );
@@ -788,21 +775,21 @@ public class AciAuthorizationInterceptor
         Entry entry = directoryService.getOperationManager().lookup( lookupContext );
 
         checkLookupAccess( lookupContext, entry );
-        
+
         return next.lookup( lookupContext );
     }
 
-    
+
     public void rename( NextInterceptor next, RenameOperationContext renameContext ) throws Exception
     {
         DN oldName = renameContext.getDn();
         Entry originalEntry = null;
-        
+
         if ( renameContext.getEntry() != null )
         {
             originalEntry = renameContext.getEntry().getOriginalEntry();
         }
-        
+
         LdapPrincipal principal = renameContext.getSession().getEffectivePrincipal();
         DN principalDn = principal.getDN();
         DN newName = renameContext.getNewDn();
@@ -821,7 +808,7 @@ public class AciAuthorizationInterceptor
         {
             next.rename( renameContext );
             tupleCache.subentryRenamed( oldName, newName );
-            
+
             // TODO : this method returns a boolean : what should we do with the result ?
             groupCache.groupRenamed( oldName, newName );
 
@@ -834,9 +821,8 @@ public class AciAuthorizationInterceptor
         addEntryAciTuples( tuples, originalEntry );
         addSubentryAciTuples( renameContext, tuples, oldName, originalEntry );
 
-        engine.checkPermission( schemaManager, renameContext, userGroups, principalDn, 
-            principal.getAuthenticationLevel(), oldName, null, null,
-            RENAME_PERMS, tuples, originalEntry, null );
+        engine.checkPermission( schemaManager, renameContext, userGroups, principalDn, principal
+            .getAuthenticationLevel(), oldName, null, null, RENAME_PERMS, tuples, originalEntry, null );
 
         next.rename( renameContext );
         tupleCache.subentryRenamed( oldName, newName );
@@ -851,7 +837,7 @@ public class AciAuthorizationInterceptor
         DN newParentName = moveAndRenameContext.getParent();
 
         Entry entry = moveAndRenameContext.lookup( oriChildName, ByPassConstants.LOOKUP_BYPASS );
-        
+
         LdapPrincipal principal = moveAndRenameContext.getSession().getEffectivePrincipal();
         DN principalDn = principal.getDN();
         DN newName = ( DN ) newParentName.clone();
@@ -877,45 +863,44 @@ public class AciAuthorizationInterceptor
 
         Set<DN> userGroups = groupCache.getGroups( principalDn.getNormName() );
         Collection<ACITuple> tuples = new HashSet<ACITuple>();
-        addPerscriptiveAciTuples( moveAndRenameContext, tuples, oriChildName, ((ClonedServerEntry)entry).getOriginalEntry() );
+        addPerscriptiveAciTuples( moveAndRenameContext, tuples, oriChildName, ( ( ClonedServerEntry ) entry )
+            .getOriginalEntry() );
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( moveAndRenameContext, tuples, oriChildName, entry );
 
-        engine.checkPermission( schemaManager, moveAndRenameContext, userGroups, 
-            principalDn, principal.getAuthenticationLevel(), oriChildName, null,
-            null, MOVERENAME_PERMS, tuples, entry, null );
+        engine.checkPermission( schemaManager, moveAndRenameContext, userGroups, principalDn, principal
+            .getAuthenticationLevel(), oriChildName, null, null, MOVERENAME_PERMS, tuples, entry, null );
 
         // Get the entry again without operational attributes
         // because access control subentry operational attributes
         // will not be valid at the new location.
         // This will certainly be fixed by the SubentryInterceptor,
         // but after this service.
-        
-        Entry importedEntry = moveAndRenameContext.lookup( oriChildName, 
+
+        Entry importedEntry = moveAndRenameContext.lookup( oriChildName,
             ByPassConstants.LOOKUP_EXCLUDING_OPR_ATTRS_BYPASS );
-        
+
         // As the target entry does not exist yet and so
         // its subentry operational attributes are not there,
         // we need to construct an entry to represent it
         // at least with minimal requirements which are object class
         // and access control subentry operational attributes.
-        SubentryInterceptor subentryInterceptor = ( SubentryInterceptor ) chain.get( SubentryInterceptor.class.getName() );
+        SubentryInterceptor subentryInterceptor = ( SubentryInterceptor ) chain.get( SubentryInterceptor.class
+            .getName() );
         Entry subentryAttrs = subentryInterceptor.getSubentryAttributes( newName, importedEntry );
-        
-        for ( EntryAttribute attribute:importedEntry )
+
+        for ( EntryAttribute attribute : importedEntry )
         {
             subentryAttrs.put( attribute );
         }
-        
+
         Collection<ACITuple> destTuples = new HashSet<ACITuple>();
         // Import permission is only valid for prescriptive ACIs
         addPerscriptiveAciTuples( moveAndRenameContext, destTuples, newName, subentryAttrs );
         // Evaluate the target context to see whether it
         // allows an entry named newName to be imported as a subordinate.
-        engine.checkPermission( schemaManager, moveAndRenameContext, userGroups, principalDn, 
-            principal.getAuthenticationLevel(), newName, null,
-            null, IMPORT_PERMS, destTuples, subentryAttrs, null );
-
+        engine.checkPermission( schemaManager, moveAndRenameContext, userGroups, principalDn, principal
+            .getAuthenticationLevel(), newName, null, null, IMPORT_PERMS, destTuples, subentryAttrs, null );
 
         next.moveAndRename( moveAndRenameContext );
         tupleCache.subentryRenamed( oriChildName, newName );
@@ -927,10 +912,10 @@ public class AciAuthorizationInterceptor
     {
         DN oriChildName = moveContext.getDn();
         DN newParentName = moveContext.getParent();
-        
+
         // Access the principal requesting the operation, and bypass checks if it is the admin
         Entry entry = moveContext.lookup( oriChildName, ByPassConstants.LOOKUP_BYPASS );
-       
+
         DN newName = ( DN ) newParentName.clone();
         newName.add( oriChildName.get( oriChildName.size() - 1 ) );
         LdapPrincipal principal = moveContext.getSession().getEffectivePrincipal();
@@ -943,7 +928,7 @@ public class AciAuthorizationInterceptor
             return;
         }
 
-        protectCriticalEntries( oriChildName);
+        protectCriticalEntries( oriChildName );
 
         // bypass authz code but manage caches if operation is performed by the admin
         if ( isPrincipalAnAdministrator( principalDn ) )
@@ -956,61 +941,59 @@ public class AciAuthorizationInterceptor
 
         Set<DN> userGroups = groupCache.getGroups( principalDn.getNormName() );
         Collection<ACITuple> tuples = new HashSet<ACITuple>();
-        addPerscriptiveAciTuples( moveContext, tuples, oriChildName, ((ClonedServerEntry)entry).getOriginalEntry() );
+        addPerscriptiveAciTuples( moveContext, tuples, oriChildName, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( moveContext, tuples, oriChildName, entry );
 
-        engine.checkPermission( schemaManager, moveContext, userGroups, principalDn, 
-            principal.getAuthenticationLevel(), oriChildName, null,
-            null, EXPORT_PERMS, tuples, entry, null );
-        
+        engine.checkPermission( schemaManager, moveContext, userGroups, principalDn,
+            principal.getAuthenticationLevel(), oriChildName, null, null, EXPORT_PERMS, tuples, entry, null );
+
         // Get the entry again without operational attributes
         // because access control subentry operational attributes
         // will not be valid at the new location.
         // This will certainly be fixed by the SubentryInterceptor,
         // but after this service.
-        Entry importedEntry = moveContext.lookup( oriChildName, 
-            ByPassConstants.LOOKUP_EXCLUDING_OPR_ATTRS_BYPASS );
-            
+        Entry importedEntry = moveContext.lookup( oriChildName, ByPassConstants.LOOKUP_EXCLUDING_OPR_ATTRS_BYPASS );
+
         // As the target entry does not exist yet and so
         // its subentry operational attributes are not there,
         // we need to construct an entry to represent it
         // at least with minimal requirements which are object class
         // and access control subentry operational attributes.
-        SubentryInterceptor subentryInterceptor = ( SubentryInterceptor ) 
-            chain.get( SubentryInterceptor.class.getName() );
+        SubentryInterceptor subentryInterceptor = ( SubentryInterceptor ) chain.get( SubentryInterceptor.class
+            .getName() );
         Entry subentryAttrs = subentryInterceptor.getSubentryAttributes( newName, importedEntry );
-        
-        for ( EntryAttribute attribute:importedEntry )
+
+        for ( EntryAttribute attribute : importedEntry )
         {
             subentryAttrs.put( attribute );
         }
-        
+
         Collection<ACITuple> destTuples = new HashSet<ACITuple>();
         // Import permission is only valid for prescriptive ACIs
         addPerscriptiveAciTuples( moveContext, destTuples, newName, subentryAttrs );
         // Evaluate the target context to see whether it
         // allows an entry named newName to be imported as a subordinate.
-        engine.checkPermission( schemaManager, moveContext, userGroups, principalDn, 
-            principal.getAuthenticationLevel(), newName, null,
-            null, IMPORT_PERMS, destTuples, subentryAttrs, null );
+        engine.checkPermission( schemaManager, moveContext, userGroups, principalDn,
+            principal.getAuthenticationLevel(), newName, null, null, IMPORT_PERMS, destTuples, subentryAttrs, null );
 
         next.move( moveContext );
         tupleCache.subentryRenamed( oriChildName, newName );
         groupCache.groupRenamed( oriChildName, newName );
     }
 
-    
+
     public EntryFilteringCursor list( NextInterceptor next, ListOperationContext opContext ) throws Exception
     {
         LdapPrincipal user = opContext.getSession().getEffectivePrincipal();
         EntryFilteringCursor cursor = next.list( opContext );
-        
-        if ( isPrincipalAnAdministrator( user.getDNRef() ) || !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
+
+        if ( isPrincipalAnAdministrator( user.getDNRef() )
+            || !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             return cursor;
         }
-        
+
         AuthorizationFilter authzFilter = new AuthorizationFilter();
         cursor.addEntryFilter( authzFilter );
         return cursor;
@@ -1025,23 +1008,26 @@ public class AciAuthorizationInterceptor
 
         boolean isSubschemaSubentryLookup = subschemaSubentryDn.equals( opContext.getDn().getNormName() );
         SearchControls searchCtls = opContext.getSearchControls();
-        boolean isRootDSELookup = opContext.getDn().size() == 0 && searchCtls.getSearchScope() == SearchControls.OBJECT_SCOPE;
+        boolean isRootDSELookup = opContext.getDn().size() == 0
+            && searchCtls.getSearchScope() == SearchControls.OBJECT_SCOPE;
 
-        if ( isPrincipalAnAdministrator( principalDn ) || !opContext.getSession().getDirectoryService().isAccessControlEnabled() || isRootDSELookup || isSubschemaSubentryLookup )
+        if ( isPrincipalAnAdministrator( principalDn )
+            || !opContext.getSession().getDirectoryService().isAccessControlEnabled() || isRootDSELookup
+            || isSubschemaSubentryLookup )
         {
             return cursor;
         }
-        
+
         cursor.addEntryFilter( new AuthorizationFilter() );
         return cursor;
     }
 
-    
+
     public final boolean isPrincipalAnAdministrator( DN principalDn )
     {
         return groupCache.isPrincipalAnAdministrator( principalDn );
     }
-    
+
 
     public boolean compare( NextInterceptor next, CompareOperationContext opContext ) throws Exception
     {
@@ -1054,35 +1040,35 @@ public class AciAuthorizationInterceptor
         LdapPrincipal principal = opContext.getSession().getEffectivePrincipal();
         DN principalDn = principal.getDN();
 
-        if ( isPrincipalAnAdministrator( principalDn ) || !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
+        if ( isPrincipalAnAdministrator( principalDn )
+            || !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             return next.compare( opContext );
         }
 
         Set<DN> userGroups = groupCache.getGroups( principalDn.getNormName() );
         Collection<ACITuple> tuples = new HashSet<ACITuple>();
-        addPerscriptiveAciTuples( opContext, tuples, name, ((ClonedServerEntry)entry).getOriginalEntry() );
+        addPerscriptiveAciTuples( opContext, tuples, name, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
         addEntryAciTuples( tuples, entry );
         addSubentryAciTuples( opContext, tuples, name, entry );
 
-        engine.checkPermission( schemaManager, opContext, userGroups, principalDn, 
-            principal.getAuthenticationLevel(), name, null, null,
-            READ_PERMS, tuples, entry, null );
-        engine.checkPermission( schemaManager, opContext, userGroups, principalDn, 
-            principal.getAuthenticationLevel(), name, oid, value,
-            COMPARE_PERMS, tuples, entry, null );
+        engine.checkPermission( schemaManager, opContext, userGroups, principalDn, principal.getAuthenticationLevel(),
+            name, null, null, READ_PERMS, tuples, entry, null );
+        engine.checkPermission( schemaManager, opContext, userGroups, principalDn, principal.getAuthenticationLevel(),
+            name, oid, value, COMPARE_PERMS, tuples, entry, null );
 
         return next.compare( opContext );
     }
 
 
-    public DN getMatchedName ( NextInterceptor next, GetMatchedNameOperationContext opContext ) throws Exception
+    public DN getMatchedName( NextInterceptor next, GetMatchedNameOperationContext opContext ) throws Exception
     {
         // Access the principal requesting the operation, and bypass checks if it is the admin
         LdapPrincipal principal = opContext.getSession().getEffectivePrincipal();
         DN principalDn = principal.getDN();
-        
-        if ( isPrincipalAnAdministrator( principalDn ) || !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
+
+        if ( isPrincipalAnAdministrator( principalDn )
+            || !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             return next.getMatchedName( opContext );
         }
@@ -1097,16 +1083,15 @@ public class AciAuthorizationInterceptor
         while ( matched.size() > 0 )
         {
             entry = opContext.lookup( matched, ByPassConstants.GETMATCHEDDN_BYPASS );
-            
+
             Set<DN> userGroups = groupCache.getGroups( principalDn.getNormName() );
             Collection<ACITuple> tuples = new HashSet<ACITuple>();
-            addPerscriptiveAciTuples( opContext, tuples, matched, ((ClonedServerEntry)entry).getOriginalEntry() );
+            addPerscriptiveAciTuples( opContext, tuples, matched, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
             addEntryAciTuples( tuples, entry );
             addSubentryAciTuples( opContext, tuples, matched, entry );
 
-            if ( engine.hasPermission( schemaManager, opContext, userGroups, principalDn, 
-                principal.getAuthenticationLevel(), matched, null,
-                null, MATCHEDNAME_PERMS, tuples, entry, null ) )
+            if ( engine.hasPermission( schemaManager, opContext, userGroups, principalDn, principal
+                .getAuthenticationLevel(), matched, null, null, MATCHEDNAME_PERMS, tuples, entry, null ) )
             {
                 return matched;
             }
@@ -1124,15 +1109,14 @@ public class AciAuthorizationInterceptor
     }
 
 
-    private boolean filter( OperationContext opContext, DN normName, ClonedServerEntry clonedEntry ) 
-        throws Exception
+    private boolean filter( OperationContext opContext, DN normName, ClonedServerEntry clonedEntry ) throws Exception
     {
         /*
          * First call hasPermission() for entry level "Browse" and "ReturnDN" perm
          * tests.  If we hasPermission() returns false we immediately short the
          * process and return false.
          */
-        
+
         LdapPrincipal principal = opContext.getSession().getEffectivePrincipal();
         DN userDn = principal.getDN();
         Set<DN> userGroups = groupCache.getGroups( userDn.getNormName() );
@@ -1141,19 +1125,8 @@ public class AciAuthorizationInterceptor
         addEntryAciTuples( tuples, clonedEntry.getOriginalEntry() );
         addSubentryAciTuples( opContext, tuples, normName, clonedEntry.getOriginalEntry() );
 
-        if ( !engine.hasPermission( 
-                        schemaManager, 
-                        opContext, 
-                        userGroups, 
-                        userDn, 
-                        principal.getAuthenticationLevel(), 
-                        normName, 
-                        null, 
-                        null, 
-                        SEARCH_ENTRY_PERMS, 
-                        tuples, 
-                        clonedEntry.getOriginalEntry(), 
-                        null ) )
+        if ( !engine.hasPermission( schemaManager, opContext, userGroups, userDn, principal.getAuthenticationLevel(),
+            normName, null, null, SEARCH_ENTRY_PERMS, tuples, clonedEntry.getOriginalEntry(), null ) )
         {
             return false;
         }
@@ -1166,67 +1139,46 @@ public class AciAuthorizationInterceptor
          * values remaining then the entire attribute is removed.
          */
         List<AttributeType> attributeToRemove = new ArrayList<AttributeType>();
-        
-        for ( AttributeType attributeType:clonedEntry.getAttributeTypes() )
+
+        for ( AttributeType attributeType : clonedEntry.getAttributeTypes() )
         {
             // if attribute type scope access is not allowed then remove the attribute and continue
             String id = attributeType.getName();
             EntryAttribute attr = clonedEntry.get( attributeType );
-        
-            if ( !engine.hasPermission( 
-                        schemaManager, 
-                        opContext, 
-                        userGroups, 
-                        userDn,
-                        principal.getAuthenticationLevel(), 
-                        normName, 
-                        id, 
-                        null, 
-                        SEARCH_ATTRVAL_PERMS, 
-                        tuples, 
-                        clonedEntry, 
-                        null ) )
+
+            if ( !engine.hasPermission( schemaManager, opContext, userGroups, userDn, principal
+                .getAuthenticationLevel(), normName, id, null, SEARCH_ATTRVAL_PERMS, tuples, clonedEntry, null ) )
             {
                 attributeToRemove.add( attributeType );
-                
+
                 continue;
             }
 
             List<Value<?>> valueToRemove = new ArrayList<Value<?>>();
-            
+
             // attribute type scope is ok now let's determine value level scope
-            for ( Value<?> value:attr )
+            for ( Value<?> value : attr )
             {
-                if ( !engine.hasPermission( 
-                        schemaManager, 
-                        opContext, 
-                        userGroups, 
-                        userDn, 
-                        principal.getAuthenticationLevel(), 
-                        normName, 
-                        attr.getUpId(), 
-                        value, 
-                        SEARCH_ATTRVAL_PERMS, 
-                        tuples,
-                        clonedEntry, 
-                        null ) )
+                if ( !engine.hasPermission( schemaManager, opContext, userGroups, userDn, principal
+                    .getAuthenticationLevel(), normName, attr.getUpId(), value, SEARCH_ATTRVAL_PERMS, tuples,
+                    clonedEntry, null ) )
                 {
                     valueToRemove.add( value );
                 }
             }
-            
-            for ( Value<?> value:valueToRemove )
+
+            for ( Value<?> value : valueToRemove )
             {
                 attr.remove( value );
             }
-            
+
             if ( attr.size() == 0 )
             {
                 attributeToRemove.add( attributeType );
             }
         }
-        
-        for ( AttributeType attributeType:attributeToRemove )
+
+        for ( AttributeType attributeType : attributeToRemove )
         {
             clonedEntry.removeAttributes( attributeType );
         }
@@ -1234,14 +1186,12 @@ public class AciAuthorizationInterceptor
         return true;
     }
 
-
     /**
      * WARNING: create one of these filters fresh every time for each new search.
      */
     class AuthorizationFilter implements EntryFilter
     {
-        public boolean accept( SearchingOperationContext operationContext, ClonedServerEntry entry ) 
-            throws Exception
+        public boolean accept( SearchingOperationContext operationContext, ClonedServerEntry entry ) throws Exception
         {
             DN normName = entry.getDn().normalize( schemaManager.getNormalizerMapping() );
             return filter( operationContext, normName, entry );



Mime
View raw message