directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r980723 - in /directory/apacheds/trunk: core-integ/src/test/java/org/apache/directory/server/core/admin/AdministrativePointServiceIT.java core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java
Date Fri, 30 Jul 2010 10:29:21 GMT
Author: elecharny
Date: Fri Jul 30 10:29:21 2010
New Revision: 980723

URL: http://svn.apache.org/viewvc?rev=980723&view=rev
Log:
o Added some tests for the Modify Add and Replace operation
o Fixed the AdministrativePoint interceptor

Modified:
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/admin/AdministrativePointServiceIT.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/admin/AdministrativePointServiceIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/admin/AdministrativePointServiceIT.java?rev=980723&r1=980722&r2=980723&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/admin/AdministrativePointServiceIT.java
(original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/admin/AdministrativePointServiceIT.java
Fri Jul 30 10:29:21 2010
@@ -27,12 +27,17 @@ import static org.junit.Assert.assertTru
 import org.apache.directory.ldap.client.api.LdapConnection;
 import org.apache.directory.ldap.client.api.message.AddResponse;
 import org.apache.directory.ldap.client.api.message.ModifyDnResponse;
+import org.apache.directory.ldap.client.api.message.ModifyResponse;
 import org.apache.directory.ldap.client.api.message.SearchResponse;
 import org.apache.directory.ldap.client.api.message.SearchResultEntry;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
 import org.apache.directory.server.core.integ.IntegrationUtils;
+import org.apache.directory.shared.ldap.entry.DefaultEntryAttribute;
+import org.apache.directory.shared.ldap.entry.DefaultModification;
 import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.entry.Modification;
+import org.apache.directory.shared.ldap.entry.ModificationOperation;
 import org.apache.directory.shared.ldap.ldif.LdifUtils;
 import org.apache.directory.shared.ldap.message.ResultCodeEnum;
 import org.junit.After;
@@ -67,6 +72,17 @@ public class AdministrativePointServiceI
     }
 
 
+    private Entry getAdminRole( String dn ) throws Exception
+    {
+        SearchResponse lookup = connection.lookup( dn, "administrativeRole" );
+
+        assertTrue( lookup instanceof SearchResultEntry );
+
+        Entry entry = ((SearchResultEntry)lookup).getEntry();
+
+        return entry;
+    }
+
     // -------------------------------------------------------------------
     // Test the Add operation
     // -------------------------------------------------------------------
@@ -91,17 +107,13 @@ public class AdministrativePointServiceI
         assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
 
         // Check that the entry is containing all the roles
-        SearchResponse lookup = connection.lookup( "ou=autonomousArea, ou=system", "administrativeRole"
);
-
-        assertTrue( lookup instanceof SearchResultEntry );
+        Entry entry = getAdminRole( "ou=autonomousArea, ou=system" );
 
-        Entry result = ((SearchResultEntry)lookup).getEntry();
-
-        assertTrue( result.contains( "administrativeRole", "autonomousArea" ) );
-        assertFalse( result.contains( "administrativeRole", "accessControlSpecificArea" )
);
-        assertFalse( result.contains( "administrativeRole", "collectiveAttributeSpecificArea"
) );
-        assertFalse( result.contains( "administrativeRole", "2.5.23.4" ) );
-        assertFalse( result.contains( "administrativeRole", "triggerExecutionSpecificArea"
) );
+        assertTrue( entry.contains( "administrativeRole", "autonomousArea" ) );
+        assertFalse( entry.contains( "administrativeRole", "accessControlSpecificArea" )
);
+        assertFalse( entry.contains( "administrativeRole", "collectiveAttributeSpecificArea"
) );
+        assertFalse( entry.contains( "administrativeRole", "2.5.23.4" ) );
+        assertFalse( entry.contains( "administrativeRole", "triggerExecutionSpecificArea"
) );
 
         autonomousArea = LdifUtils.createEntry(
             "ou=autonomousArea2, ou=system",
@@ -143,17 +155,14 @@ public class AdministrativePointServiceI
         assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
 
         // Check that the entry is containing all the roles
-        SearchResponse lookup = connection.lookup( "ou=autonomousArea, ou=system", "administrativeRole"
);
-
-        assertTrue( lookup instanceof SearchResultEntry );
+        Entry entry = getAdminRole( "ou=autonomousArea, ou=system" );
 
-        Entry result = ((SearchResultEntry)lookup).getEntry();
 
-        assertFalse( result.contains( "administrativeRole", "autonomousArea" ) );
-        assertTrue( result.contains( "administrativeRole", "accessControlSpecificArea" )
);
-        assertFalse( result.contains( "administrativeRole", "collectiveAttributeSpecificArea"
) );
-        assertFalse( result.contains( "administrativeRole", "2.5.23.4" ) );
-        assertTrue( result.contains( "administrativeRole", "triggerExecutionSpecificArea"
) );
+        assertFalse( entry.contains( "administrativeRole", "autonomousArea" ) );
+        assertTrue( entry.contains( "administrativeRole", "accessControlSpecificArea" ) );
+        assertFalse( entry.contains( "administrativeRole", "collectiveAttributeSpecificArea"
) );
+        assertFalse( entry.contains( "administrativeRole", "2.5.23.4" ) );
+        assertTrue( entry.contains( "administrativeRole", "triggerExecutionSpecificArea"
) );
     }
 
 
@@ -178,15 +187,11 @@ public class AdministrativePointServiceI
         assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
 
         // Check that the entry is containing all the roles
-        SearchResponse lookup = connection.lookup( "ou=autonomousArea, ou=system", "administrativeRole"
);
+        Entry entry = getAdminRole( "ou=autonomousArea, ou=system" );
 
-        assertTrue( lookup instanceof SearchResultEntry );
-
-        Entry result = ((SearchResultEntry)lookup).getEntry();
-
-        assertFalse( result.contains( "administrativeRole", "autonomousArea" ) );
-        assertTrue( result.contains( "administrativeRole", "accessControlInnerArea" ) );
-        assertTrue( result.contains( "administrativeRole", "triggerExecutionInnerArea" )
);
+        assertFalse( entry.contains( "administrativeRole", "autonomousArea" ) );
+        assertTrue( entry.contains( "administrativeRole", "accessControlInnerArea" ) );
+        assertTrue( entry.contains( "administrativeRole", "triggerExecutionInnerArea" ) );
     }
 
 
@@ -237,6 +242,158 @@ public class AdministrativePointServiceI
     // -------------------------------------------------------------------
     // Test the Modify operation
     // -------------------------------------------------------------------
+    /**
+     * Test the addition of a ACSA to a CASA
+     * @throws Exception
+     */
+    @Test
+    public void testModifyAddSpecificArea() throws Exception
+    {
+        // Inject an CASA
+        Entry caArea = LdifUtils.createEntry(
+            "ou=caArea, ou=system",
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit",
+            "ou: caArea",
+            "administrativeRole: collectiveAttributeSpecificArea"
+            );
+
+        connection.add( caArea );
+
+        // Add another specific area
+        Modification modification = new DefaultModification(
+                                            ModificationOperation.ADD_ATTRIBUTE,
+                                            new DefaultEntryAttribute( "administrativeRole",
"accessControlSpecificArea" ) );
+        ModifyResponse response = connection.modify( "ou=caArea, ou=system", modification
);
+
+        assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+        Entry entry = getAdminRole( "ou=caArea, ou=system" );
+
+        assertTrue( entry.contains( "administrativeRole", "accessControlSpecificArea" ) );
+        assertTrue( entry.contains( "administrativeRole", "collectiveAttributeSpecificArea"
) );
+    }
+
+
+    /**
+     * Test the addition of a ACIA to a CASA
+     * @throws Exception
+     */
+    @Test
+    public void testModifyAddInnerArea() throws Exception
+    {
+        // Inject an CASA
+        Entry caArea = LdifUtils.createEntry(
+            "ou=caArea, ou=system",
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit",
+            "ou: caArea",
+            "administrativeRole: collectiveAttributeSpecificArea"
+            );
+
+        connection.add( caArea );
+
+        // Add another specific area
+        Modification modification = new DefaultModification(
+                                            ModificationOperation.ADD_ATTRIBUTE,
+                                            new DefaultEntryAttribute(
+                                                "administrativeRole", "accessControlInnerArea"
) );
+        ModifyResponse response = connection.modify( "ou=caArea, ou=system", modification
);
+
+        assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+        Entry entry = getAdminRole( "ou=caArea, ou=system" );
+
+        assertTrue( entry.contains( "administrativeRole", "collectiveAttributeSpecificArea"
) );
+        assertTrue( entry.contains( "administrativeRole", "accessControlInnerArea" ) );
+    }
+
+
+    /**
+     * Test the addition of a CAIA to a CASA
+     * @throws Exception
+     */
+    @Test
+    public void testModifyAddInnerAreaToSameSpecificArea() throws Exception
+    {
+        // Inject an CASA
+        Entry caArea = LdifUtils.createEntry(
+            "ou=caArea, ou=system",
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit",
+            "ou: caArea",
+            "administrativeRole: collectiveAttributeSpecificArea"
+            );
+
+        connection.add( caArea );
+
+        // Add another specific area
+        Modification modification = new DefaultModification(
+                                            ModificationOperation.ADD_ATTRIBUTE,
+                                            new DefaultEntryAttribute(
+                                                "administrativeRole", "collectiveAttributeInnerArea"
) );
+        ModifyResponse response = connection.modify( "ou=caArea, ou=system", modification
);
+
+        assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, response.getLdapResult().getResultCode()
);
+    }
+
+
+    /**
+     * Test the addition of the same CASA
+     * @throws Exception
+     */
+    @Test
+    public void testModifyAddSameSpecificArea() throws Exception
+    {
+        // Inject an CASA
+        Entry caArea = LdifUtils.createEntry(
+            "ou=caArea, ou=system",
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit",
+            "ou: caArea",
+            "administrativeRole: collectiveAttributeSpecificArea"
+            );
+
+        connection.add( caArea );
+
+        // Add another specific area
+        Modification modification = new DefaultModification(
+                                            ModificationOperation.ADD_ATTRIBUTE,
+                                            new DefaultEntryAttribute(
+                                                "administrativeRole", "collectiveAttributeSpecificArea"
) );
+        ModifyResponse response = connection.modify( "ou=caArea, ou=system", modification
);
+
+        assertEquals( ResultCodeEnum.ATTRIBUTE_OR_VALUE_EXISTS, response.getLdapResult().getResultCode()
);
+    }
+
+
+    /**
+     * Test the replace modification : it's not supported
+     * @throws Exception
+     */
+    @Test
+    public void testModifyReplace() throws Exception
+    {
+        // Inject an CASA
+        Entry caArea = LdifUtils.createEntry(
+            "ou=caArea, ou=system",
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit",
+            "ou: caArea",
+            "administrativeRole: collectiveAttributeSpecificArea"
+            );
+
+        connection.add( caArea );
+
+        // Try to modify it to an InnerArea
+        Modification modification = new DefaultModification(
+                                            ModificationOperation.REPLACE_ATTRIBUTE,
+                                            new DefaultEntryAttribute( "administrativeRole",
"collectiveAttributeSpecificArea" ) );
+        ModifyResponse response = connection.modify( "ou=caArea, ou=system", modification
);
+
+        // Should fail
+        assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, response.getLdapResult().getResultCode()
);
+    }
+
+
     // -------------------------------------------------------------------
     // Test the Move operation
     // -------------------------------------------------------------------

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java?rev=980723&r1=980722&r2=980723&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java
Fri Jul 30 10:29:21 2010
@@ -119,6 +119,85 @@ public class AdministrativePointIntercep
         ROLES.add( SchemaConstants.TRIGGER_EXECUTION_INNER_AREA_OID );
     }
 
+    /** The possible inner area roles */
+    private static final Set<String> INNER_AREA_ROLES = new HashSet<String>();
+
+    static
+    {
+        INNER_AREA_ROLES.add( SchemaConstants.ACCESS_CONTROL_INNER_AREA.toLowerCase() );
+        INNER_AREA_ROLES.add( SchemaConstants.ACCESS_CONTROL_INNER_AREA_OID );
+        INNER_AREA_ROLES.add( SchemaConstants.COLLECTIVE_ATTRIBUTE_INNER_AREA.toLowerCase()
);
+        INNER_AREA_ROLES.add( SchemaConstants.COLLECTIVE_ATTRIBUTE_INNER_AREA_OID );
+        INNER_AREA_ROLES.add( SchemaConstants.TRIGGER_EXECUTION_INNER_AREA.toLowerCase()
);
+        INNER_AREA_ROLES.add( SchemaConstants.TRIGGER_EXECUTION_INNER_AREA_OID );
+    }
+
+    /** The possible specific area roles */
+    private static final Set<String> SPECIFIC_AREA_ROLES = new HashSet<String>();
+
+    static
+    {
+        SPECIFIC_AREA_ROLES.add( SchemaConstants.ACCESS_CONTROL_SPECIFIC_AREA.toLowerCase()
);
+        SPECIFIC_AREA_ROLES.add( SchemaConstants.ACCESS_CONTROL_SPECIFIC_AREA_OID );
+        SPECIFIC_AREA_ROLES.add( SchemaConstants.COLLECTIVE_ATTRIBUTE_SPECIFIC_AREA.toLowerCase()
);
+        SPECIFIC_AREA_ROLES.add( SchemaConstants.COLLECTIVE_ATTRIBUTE_SPECIFIC_AREA_OID );
+        SPECIFIC_AREA_ROLES.add( SchemaConstants.SUB_SCHEMA_ADMIN_SPECIFIC_AREA.toLowerCase()
);
+        SPECIFIC_AREA_ROLES.add( SchemaConstants.SUB_SCHEMA_ADMIN_SPECIFIC_AREA_OID );
+        SPECIFIC_AREA_ROLES.add( SchemaConstants.TRIGGER_EXECUTION_SPECIFIC_AREA.toLowerCase()
);
+        SPECIFIC_AREA_ROLES.add( SchemaConstants.TRIGGER_EXECUTION_SPECIFIC_AREA_OID );
+    }
+
+
+    /**
+     * Tells if the given role is a InnerArea role
+     */
+    private boolean isInnerArea( String role )
+    {
+        return INNER_AREA_ROLES.contains( StringTools.toLowerCase( StringTools.trim( role
) ) );
+    }
+
+
+    /**
+     * Tells if the AdministrativeRole attribute contains the same Specific Area role
+     * than the given Inner Area role
+     */
+    private boolean hasSpecificArea( String role, EntryAttribute modifiedAdminRole )
+    {
+        // Check if the associated specific area role is already present
+        if ( role.equals( SchemaConstants.ACCESS_CONTROL_INNER_AREA.toLowerCase() ) ||
+             role.equals( SchemaConstants.ACCESS_CONTROL_INNER_AREA_OID ) )
+        {
+            if ( modifiedAdminRole.contains( SchemaConstants.ACCESS_CONTROL_SPECIFIC_AREA.toLowerCase()
) ||
+                 modifiedAdminRole.contains( SchemaConstants.ACCESS_CONTROL_SPECIFIC_AREA_OID
) )
+            {
+                // Not a valid role : we will throw an exception
+                return true;
+            }
+        }
+        else if ( role.equals( SchemaConstants.COLLECTIVE_ATTRIBUTE_INNER_AREA.toLowerCase()
) ||
+                 role.equals( SchemaConstants.COLLECTIVE_ATTRIBUTE_INNER_AREA_OID ) )
+        {
+            if ( modifiedAdminRole.contains( SchemaConstants.COLLECTIVE_ATTRIBUTE_SPECIFIC_AREA
) ||
+                 modifiedAdminRole.contains( SchemaConstants.COLLECTIVE_ATTRIBUTE_SPECIFIC_AREA_OID
) )
+            {
+                // Not a valid role : we will throw an exception
+                return true;
+            }
+        }
+        else if ( role.equals( SchemaConstants.TRIGGER_EXECUTION_INNER_AREA.toLowerCase()
) ||
+                  role.equals( SchemaConstants.TRIGGER_EXECUTION_INNER_AREA_OID ) )
+        {
+            if ( modifiedAdminRole.contains( SchemaConstants.TRIGGER_EXECUTION_SPECIFIC_AREA.toLowerCase()
) ||
+                 modifiedAdminRole.contains( SchemaConstants.TRIGGER_EXECUTION_SPECIFIC_AREA_OID
) )
+            {
+                // Not a valid role : we will throw an exception
+                return true;
+            }
+        }
+
+        return false;
+    }
+
     /**
      * Creates an Administrative service interceptor.
      */
@@ -341,6 +420,7 @@ public class AdministrativePointIntercep
 
 
     /**
+     * Only the add and remove modifications are fully supported.
      * {@inheritDoc}
      */
     public void modify( NextInterceptor next, ModifyOperationContext modifyContext ) throws
LdapException
@@ -373,10 +453,12 @@ public class AdministrativePointIntercep
 
                     for ( Value<?> value : attribute )
                     {
-                        if ( !isValidRole( value.getString() ) )
+                        String role = StringTools.toLowerCase( StringTools.trim( value.getString()
) );
+
+                        if ( !isValidRole( role ) )
                         {
                             // Not a valid role : we will throw an exception
-                            String msg = "Invalid role : " + value.getString();
+                            String msg = "Invalid role : " + value;
                             LOG.error( msg );
                             throw new LdapInvalidAttributeValueException( ResultCodeEnum.INVALID_ATTRIBUTE_SYNTAX,
msg );
                         }
@@ -392,6 +474,16 @@ public class AdministrativePointIntercep
                             throw new LdapAttributeInUseException( msg );
                         }
 
+                        // Forbid the addition of an InnerArea if the same SpecificArea
+                        // already exists
+                        if ( isInnerArea( role ) && hasSpecificArea( role, modifiedAdminRole
) )
+                        {
+                            // Not a valid role : we will throw an exception
+                            String msg = "Cannot add an Inner Area ole to an AdministrativePoint
which already has the same Specific Area role " + value;
+                            LOG.error( msg );
+                            throw new LdapUnwillingToPerformException( msg );
+                        }
+
                         // Add the role to the modified attribute
                         modifiedAdminRole.add( value );
                     }
@@ -440,48 +532,10 @@ public class AdministrativePointIntercep
                     break;
 
                 case REPLACE_ATTRIBUTE :
-                    if ( modifiedAdminRole == null )
-                    {
-                        // We have to create the attribute
-                        // We can't remove a value when the attribute does not exist.
-                        String msg = "Cannot remove the administrative role, it does not
exist";
-                        LOG.error( msg );
-                        throw new LdapNoSuchAttributeException( msg );
-                    }
-
-                    // It may be a complete removal
-                    if ( attribute.size() == 0 )
-                    {
-                        // Complete removal
-                        modifiedAdminRole = null;
-                        break;
-                    }
-
-                    // Now replace the existing attributes with the new ones if they are
valid
-                    modifiedAdminRole.clear();
-
-                    for ( Value<?> value : attribute )
-                    {
-                        if ( !isValidRole( value.getString() ) )
-                        {
-                            // Not a valid role : we will throw an exception
-                            String msg = "Invalid role : " + value.getString();
-                            LOG.error( msg );
-                            throw new LdapInvalidAttributeValueException( ResultCodeEnum.INVALID_ATTRIBUTE_SYNTAX,
msg );
-                        }
-
-                        if ( modifiedAdminRole.contains( value ) )
-                        {
-                            // We can't add a value if it already exists !
-                            String msg = "Cannot add the administrative role value" + value
+ ", it already exists";
-                            LOG.error( msg );
-                            throw new LdapAttributeInUseException( msg );
-                        }
-
-                        modifiedAdminRole.add( value );
-                    }
-
-                    break;
+                    // Not supported
+                    String msg = "Cannot replace an administrative role, the opertion is
not supported";
+                    LOG.error( msg );
+                    throw new LdapUnwillingToPerformException( msg );
             }
         }
 



Mime
View raw message