directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r949425 - in /directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core: authz/DefaultAuthorizationInterceptor.java exception/ExceptionInterceptor.java
Date Sat, 29 May 2010 17:36:49 GMT
Author: elecharny
Date: Sat May 29 17:36:49 2010
New Revision: 949425

URL: http://svn.apache.org/viewvc?rev=949425&view=rev
Log:
Some more cleanup for the modify operation : mainly cleaning DN operations.

Modified:
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/exception/ExceptionInterceptor.java

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java?rev=949425&r1=949424&r2=949425&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java
Sat May 29 17:36:49 2010
@@ -51,8 +51,8 @@ import org.apache.directory.server.core.
 import org.apache.directory.server.i18n.I18n;
 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
 import org.apache.directory.shared.ldap.constants.SchemaConstants;
-import org.apache.directory.shared.ldap.entry.EntryAttribute;
 import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.entry.EntryAttribute;
 import org.apache.directory.shared.ldap.entry.Value;
 import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
 import org.apache.directory.shared.ldap.name.DN;
@@ -87,8 +87,8 @@ public class DefaultAuthorizationInterce
     /** the distinguished {@link Name} for the administrator group */
     private static DN ADMIN_GROUP_DN;
 
-    private Set<String> administrators = new HashSet<String>(2);
-    
+    private Set<String> administrators = new HashSet<String>( 2 );
+
     private PartitionNexus nexus;
 
     /** A starage for the uniqueMember attributeType */
@@ -111,48 +111,48 @@ public class DefaultAuthorizationInterce
 
         ADMIN_SYSTEM_DN = new DN( ServerDNConstants.ADMIN_SYSTEM_DN );
         ADMIN_SYSTEM_DN.normalize( schemaManager.getNormalizerMapping() );
-        
+
         GROUP_BASE_DN = new DN( ServerDNConstants.GROUPS_SYSTEM_DN );
         GROUP_BASE_DN.normalize( schemaManager.getNormalizerMapping() );
-     
+
         ADMIN_GROUP_DN = new DN( ServerDNConstants.ADMINISTRATORS_GROUP_DN );
         ADMIN_GROUP_DN.normalize( schemaManager.getNormalizerMapping() );
 
         uniqueMemberAT = schemaManager.lookupAttributeTypeRegistry( SchemaConstants.UNIQUE_MEMBER_AT_OID
);
-        
+
         loadAdministrators( directoryService );
     }
-    
-    
+
+
     private void loadAdministrators( DirectoryService directoryService ) throws Exception
     {
         // read in the administrators and cache their normalized names
         Set<String> newAdministrators = new HashSet<String>( 2 );
         DN adminDn = new DN( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
         adminDn.normalize( directoryService.getSchemaManager().getNormalizerMapping() );
-        CoreSession adminSession = new DefaultCoreSession( 
-            new LdapPrincipal( adminDn, AuthenticationLevel.STRONG ), directoryService );
+        CoreSession adminSession = new DefaultCoreSession( new LdapPrincipal( adminDn, AuthenticationLevel.STRONG
),
+            directoryService );
 
         Entry adminGroup = nexus.lookup( new LookupOperationContext( adminSession, ADMIN_GROUP_DN
) );
-        
+
         if ( adminGroup == null )
         {
             return;
         }
-        
+
         EntryAttribute uniqueMember = adminGroup.get( uniqueMemberAT );
-        
-        for ( Value<?> value:uniqueMember )
+
+        for ( Value<?> value : uniqueMember )
         {
             DN memberDn = new DN( value.getString() );
             memberDn.normalize( directoryService.getSchemaManager().getNormalizerMapping()
);
             newAdministrators.add( memberDn.getNormName() );
         }
-        
+
         administrators = newAdministrators;
     }
 
-    
+
     // Note:
     //    Lookup, search and list operations need to be handled using a filter
     // and so we need access to the filter service.
@@ -180,7 +180,7 @@ public class DefaultAuthorizationInterce
             LOG.error( msg );
             throw new LdapNoPermissionException( msg );
         }
-        
+
         DN principalDN = getPrincipal().getDNRef();
 
         if ( dn.equals( ADMIN_SYSTEM_DN ) )
@@ -198,7 +198,7 @@ public class DefaultAuthorizationInterce
                 LOG.error( msg );
                 throw new LdapNoPermissionException( msg );
             }
-        
+
             if ( dn.isChildOf( GROUP_BASE_DN ) )
             {
                 String msg = I18n.err( I18n.ERR_16, principalDN.getName(), dn.getName() );
@@ -210,18 +210,18 @@ public class DefaultAuthorizationInterce
         nextInterceptor.delete( opContext );
     }
 
-    
+
     private boolean isTheAdministrator( DN normalizedDn )
     {
         return normalizedDn.equals( ADMIN_SYSTEM_DN );
     }
-    
-    
+
+
     private boolean isAnAdministrator( DN dn )
     {
         return isTheAdministrator( dn ) || administrators.contains( dn.getNormName() );
     }
-    
+
 
     // ------------------------------------------------------------------------
     // Entry Modification Operations
@@ -233,18 +233,17 @@ public class DefaultAuthorizationInterce
      * users to self access these resources.  As far as we're concerned no one but
      * the admin needs access.
      */
-    public void modify( NextInterceptor nextInterceptor, ModifyOperationContext opContext
)
-        throws Exception
+    public void modify( NextInterceptor nextInterceptor, ModifyOperationContext opContext
) throws Exception
     {
         if ( !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             DN dn = opContext.getDn();
-            
+
             protectModifyAlterations( dn );
             nextInterceptor.modify( opContext );
 
             // update administrators if we change administrators group
-            if ( dn.getNormName().equals( ADMIN_GROUP_DN.getNormName() ) )
+            if ( dn.equals( ADMIN_GROUP_DN ) )
             {
                 loadAdministrators( opContext.getSession().getDirectoryService() );
             }
@@ -267,30 +266,30 @@ public class DefaultAuthorizationInterce
             throw new LdapNoPermissionException( msg );
         }
 
-        if ( ! isAnAdministrator( principalDn ) )
+        if ( !isAnAdministrator( principalDn ) )
         {
             // allow self modifications 
-            if ( dn.getNormName().equals( getPrincipal().getName() ) )
+            if ( dn.equals( getPrincipal() ) )
             {
                 return;
             }
-            
-            if ( dn.getNormName().equals( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED )
)
+
+            if ( dn.equals( ServerDNConstants.ADMIN_SYSTEM_DN ) )
             {
                 String msg = I18n.err( I18n.ERR_18, principalDn.getName() );
                 LOG.error( msg );
                 throw new LdapNoPermissionException( msg );
             }
 
-            if ( dn.size() > 2 ) 
-                {
+            if ( dn.size() > 2 )
+            {
                 if ( dn.isChildOf( ADMIN_SYSTEM_DN ) )
                 {
-                    String msg = I18n.err( I18n.ERR_19, principalDn.getName(),  dn.getName()
);
+                    String msg = I18n.err( I18n.ERR_19, principalDn.getName(), dn.getName()
);
                     LOG.error( msg );
                     throw new LdapNoPermissionException( msg );
                 }
-    
+
                 if ( dn.isChildOf( GROUP_BASE_DN ) )
                 {
                     String msg = I18n.err( I18n.ERR_20, principalDn.getName(), dn.getName()
);
@@ -300,8 +299,8 @@ public class DefaultAuthorizationInterce
             }
         }
     }
-    
-    
+
+
     // ------------------------------------------------------------------------
     // DN altering operations are a no no for any user entry.  Basically here
     // are the rules of conduct to follow:
@@ -311,14 +310,13 @@ public class DefaultAuthorizationInterce
     //  o The administrator entry cannot be moved or renamed by anyone
     // ------------------------------------------------------------------------
 
-    public void rename( NextInterceptor nextInterceptor, RenameOperationContext opContext
)
-        throws Exception
+    public void rename( NextInterceptor nextInterceptor, RenameOperationContext opContext
) throws Exception
     {
         if ( !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             protectDnAlterations( opContext.getDn() );
         }
-        
+
         nextInterceptor.rename( opContext );
     }
 
@@ -329,18 +327,19 @@ public class DefaultAuthorizationInterce
         {
             protectDnAlterations( opContext.getDn() );
         }
-        
+
         nextInterceptor.move( opContext );
     }
 
 
-    public void moveAndRename( NextInterceptor nextInterceptor, MoveAndRenameOperationContext
opContext ) throws Exception
+    public void moveAndRename( NextInterceptor nextInterceptor, MoveAndRenameOperationContext
opContext )
+        throws Exception
     {
         if ( !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             protectDnAlterations( opContext.getDn() );
         }
-        
+
         nextInterceptor.moveAndRename( opContext );
     }
 
@@ -362,7 +361,7 @@ public class DefaultAuthorizationInterce
             LOG.error( msg );
             throw new LdapNoPermissionException( msg );
         }
-        
+
         if ( isTheAdministrator( dn ) )
         {
             String msg = I18n.err( I18n.ERR_22, principalDn.getName(), dn.getName() );
@@ -390,14 +389,14 @@ public class DefaultAuthorizationInterce
     {
         CoreSession session = opContext.getSession();
         Entry entry = nextInterceptor.lookup( opContext );
-        
+
         if ( session.getDirectoryService().isAccessControlEnabled() || ( entry == null )
)
         {
             return entry;
         }
 
         protectLookUp( session.getEffectivePrincipal().getDN(), opContext.getDn() );
-        
+
         return entry;
     }
 
@@ -408,14 +407,14 @@ public class DefaultAuthorizationInterce
         {
             if ( normalizedDn.size() > 2 )
             {
-                if( normalizedDn.isChildOf( ADMIN_SYSTEM_DN ) )
+                if ( normalizedDn.isChildOf( ADMIN_SYSTEM_DN ) )
                 {
                     // allow for self reads
                     if ( normalizedDn.getNormName().equals( principalDn.getNormName() ) )
                     {
                         return;
                     }
-    
+
                     String msg = I18n.err( I18n.ERR_25, normalizedDn.getName(), principalDn.getName()
);
                     LOG.error( msg );
                     throw new LdapNoPermissionException( msg );
@@ -428,7 +427,7 @@ public class DefaultAuthorizationInterce
                     {
                         return;
                     }
-    
+
                     String msg = I18n.err( I18n.ERR_26, normalizedDn.getName(), principalDn.getName()
);
                     LOG.error( msg );
                     throw new LdapNoPermissionException( msg );
@@ -443,7 +442,7 @@ public class DefaultAuthorizationInterce
                     return;
                 }
 
-                String msg = I18n.err( I18n.ERR_27,  principalDn.getName() );
+                String msg = I18n.err( I18n.ERR_27, principalDn.getName() );
                 LOG.error( msg );
                 throw new LdapNoPermissionException( msg );
             }
@@ -451,7 +450,8 @@ public class DefaultAuthorizationInterce
     }
 
 
-    public EntryFilteringCursor search( NextInterceptor nextInterceptor, SearchOperationContext
opContext ) throws Exception
+    public EntryFilteringCursor search( NextInterceptor nextInterceptor, SearchOperationContext
opContext )
+        throws Exception
     {
         EntryFilteringCursor cursor = nextInterceptor.search( opContext );
 
@@ -460,7 +460,8 @@ public class DefaultAuthorizationInterce
             return cursor;
         }
 
-        cursor.addEntryFilter( new EntryFilter() {
+        cursor.addEntryFilter( new EntryFilter()
+        {
             public boolean accept( SearchingOperationContext operation, ClonedServerEntry
result ) throws Exception
             {
                 return DefaultAuthorizationInterceptor.this.isSearchable( operation, result
);
@@ -470,10 +471,11 @@ public class DefaultAuthorizationInterce
     }
 
 
-    public EntryFilteringCursor list( NextInterceptor nextInterceptor, ListOperationContext
opContext ) throws Exception
+    public EntryFilteringCursor list( NextInterceptor nextInterceptor, ListOperationContext
opContext )
+        throws Exception
     {
         EntryFilteringCursor cursor = nextInterceptor.list( opContext );
-        
+
         if ( opContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             return cursor;
@@ -496,7 +498,7 @@ public class DefaultAuthorizationInterce
     {
         DN principalDn = opContext.getSession().getEffectivePrincipal().getDN();
         DN dn = result.getDn();
-        
+
         if ( !dn.isNormalized() )
         {
             dn.normalize( opContext.getSession().getDirectoryService().getSchemaManager().getNormalizerMapping()
);
@@ -507,30 +509,30 @@ public class DefaultAuthorizationInterce
         {
             return true;
         }
-        
+
         // Users reading their own entries should be allowed to see all
         boolean isSelfRead = dn.getNormName().equals( principalDn.getNormName() );
-        
+
         if ( isSelfRead )
         {
             return true;
         }
-        
+
         // Block off reads to anything under ou=users and ou=groups if not a self read
         if ( dn.size() > 2 )
         {
             // stuff this if in here instead of up in outer if to prevent 
             // constant needless reexecution for all entries in other depths
-            
-            if ( dn.getNormName().endsWith( ADMIN_SYSTEM_DN.getNormName() ) 
+
+            if ( dn.getNormName().endsWith( ADMIN_SYSTEM_DN.getNormName() )
                 || dn.getNormName().endsWith( GROUP_BASE_DN.getNormName() ) )
             {
                 return false;
             }
         }
-        
+
         // Non-admin users cannot read the admin entry
-        return ! isTheAdministrator( dn );
+        return !isTheAdministrator( dn );
 
     }
 }

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/exception/ExceptionInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/exception/ExceptionInterceptor.java?rev=949425&r1=949424&r2=949425&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/exception/ExceptionInterceptor.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/exception/ExceptionInterceptor.java
Sat May 29 17:36:49 2010
@@ -292,18 +292,21 @@ public class ExceptionInterceptor extend
 
         // handle operations against the schema subentry in the schema service
         // and never try to look it up in the nexus below
-        if ( opContext.getDn().getNormName().equalsIgnoreCase( subschemSubentryDn.getNormName()
) )
+        if ( opContext.getDn().equals( subschemSubentryDn ) )
         {
             nextInterceptor.modify( opContext );
             return;
         }
 
+        // Check that the entry we read at the beginning exists. If
+        // not, we will throw an exception here
         assertHasEntry( opContext, msg );
 
         Entry entry = opContext.getEntry();
 
         List<Modification> items = opContext.getModItems();
 
+        // Check that we aren't adding a value that already exists in the current entry
         for ( Modification item : items )
         {
             if ( item.getOperation() == ModificationOperation.ADD_ATTRIBUTE )
@@ -317,7 +320,8 @@ public class ExceptionInterceptor extend
                     {
                         if ( entryAttr.contains( value ) )
                         {
-                            throw new LdapAttributeInUseException( I18n.err( I18n.ERR_254,
value, modAttr.getId() ) );
+                            throw new LdapAttributeInUseException( I18n.err( I18n.ERR_254_ADD_EXISTING_VALUE,
value,
+                                modAttr.getId() ) );
                         }
                     }
                 }



Mime
View raw message