Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 74499 invoked from network); 31 Jul 2010 14:24:57 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 31 Jul 2010 14:24:57 -0000 Received: (qmail 22913 invoked by uid 500); 31 Jul 2010 14:24:57 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 22851 invoked by uid 500); 31 Jul 2010 14:24:56 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 22844 invoked by uid 99); 31 Jul 2010 14:24:55 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 31 Jul 2010 14:24:55 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 31 Jul 2010 14:24:50 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id B641A23889E5; Sat, 31 Jul 2010 14:23:31 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r981063 - in /directory: apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/ apacheds/trunk/core/src/main/java/org/apache/directory/server/core/admin/ apacheds/trunk/core/src/main/java/org/apache/directory... Date: Sat, 31 Jul 2010 14:23:31 -0000 To: commits@directory.apache.org From: elecharny@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20100731142331.B641A23889E5@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: elecharny Date: Sat Jul 31 14:23:30 2010 New Revision: 981063 URL: http://svn.apache.org/viewvc?rev=981063&view=rev Log: o Added the AdministrativePoint classes o Removed the AdministrativeRole class from core (we will use the one in shared-ldap) Added: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/AbstractAdministrativePoint.java directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/AdministrativePoint.java directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/AutonomousAdministrativePoint.java directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/InnerAdministrativePoint.java directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/SpecificAdministrativePoint.java directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/subtree/AdministrativeRole.java Removed: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/subtree/AdministrativeRole.java Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/subtree/Subentry.java directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java Added: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/AbstractAdministrativePoint.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/AbstractAdministrativePoint.java?rev=981063&view=auto ============================================================================== --- directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/AbstractAdministrativePoint.java (added) +++ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/AbstractAdministrativePoint.java Sat Jul 31 14:23:30 2010 @@ -0,0 +1,151 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.directory.server.core.administrative; + +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; + +import org.apache.directory.shared.ldap.name.DN; +import org.apache.directory.shared.ldap.subtree.AdministrativeRole; + +/** + * + * @author Apache Directory Project + */ +public abstract class AbstractAdministrativePoint implements AdministrativePoint +{ + /** The AA's DN */ + protected DN dn; + + /** The AA's UUID */ + protected String uuid; + + /** The AdmonistrativeRole */ + protected AdministrativeRole role; + + /** The parent AdministrativePoint */ + protected AdministrativePoint parent; + + /** The children AdministrativePoints */ + protected Map children; + + protected AbstractAdministrativePoint( DN dn, String uuid, AdministrativeRole role ) + { + this.dn = dn; + this.uuid = uuid; + this.role = role; + this.children = new ConcurrentHashMap(); + } + + /** + * @return The administrativeRole + */ + public abstract AdministrativeRole getRole(); + + + /** + * {@inheritDoc} + */ + public DN getDn() + { + return dn; + } + + + /** + * {@inheritDoc} + */ + public String getUuid() + { + return uuid; + } + + + /** + * {@inheritDoc} + */ + public boolean isAutonomous() + { + return false; + } + + + /** + * {@inheritDoc} + */ + public boolean isInner() + { + return false; + } + + + /** + * {@inheritDoc} + */ + public boolean isSpecific() + { + return false; + } + + + /** + * {@inheritDoc} + */ + public AdministrativePoint getParent() + { + return parent; + } + + + /** + * {@inheritDoc} + */ + public void setParent( AdministrativePoint parent ) + { + this.parent = parent; + } + + + /** + * {@inheritDoc} + */ + public Map getChildren() + { + return children; + } + + + /** + * {@inheritDoc} + */ + public void setChildren( Map children ) + { + this.children = children; + } + + + /** + * {@inheritDoc} + */ + public void addChild( AdministrativePoint child ) + { + children.put( child.getUuid(), child ); + } +} Added: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/AdministrativePoint.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/AdministrativePoint.java?rev=981063&view=auto ============================================================================== --- directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/AdministrativePoint.java (added) +++ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/AdministrativePoint.java Sat Jul 31 14:23:30 2010 @@ -0,0 +1,96 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.directory.server.core.administrative; + +import java.util.Map; + +import org.apache.directory.shared.ldap.name.DN; + +/** + * + * @author Apache Directory Project + */ +public interface AdministrativePoint +{ + /** + * @return The AdministrativePoint DN + */ + DN getDn(); + + + /** + * @return The AdministrativePoint UUID + */ + String getUuid(); + + + /** + * @return true if the AdministrativePoint is an AutonomousArea + */ + boolean isAutonomous(); + + + /** + * @return true if the AdministrativePoint is an InnerArea + */ + boolean isInner(); + + + /** + * @return true if the AdministrativePoint is a SpecificArea + */ + boolean isSpecific(); + + + /** + * @return The parent AdministrativePoint, if any + */ + AdministrativePoint getParent(); + + + /** + * Set the AdministrativePoint parent + * + * @param parent the AdministrativePoint parent + */ + void setParent( AdministrativePoint parent ); + + + /** + * @return The list of children AdministrativePoint. May be empty + */ + Map getChildren(); + + + /** + * Add an AdministrativePoint child + * + * @param child the AdministrativePoint child to add + */ + void addChild( AdministrativePoint child ); + + + /** + * Set the AdministrativePoint children + * + * @param children the AdministrativePoint children + */ + void setChildren( Map children ); +} Added: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/AutonomousAdministrativePoint.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/AutonomousAdministrativePoint.java?rev=981063&view=auto ============================================================================== --- directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/AutonomousAdministrativePoint.java (added) +++ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/AutonomousAdministrativePoint.java Sat Jul 31 14:23:30 2010 @@ -0,0 +1,59 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.directory.server.core.administrative; + +import org.apache.directory.shared.ldap.name.DN; +import org.apache.directory.shared.ldap.subtree.AdministrativeRole; + +/** + * + * @author Apache Directory Project + */ +public class AutonomousAdministrativePoint extends AbstractAdministrativePoint +{ + /** + * Create an instance of AutonomousAdministrativePoint + * + * @param dn The AdministrativePoint DN + * @param uuid The AdministrativePoint UUID + */ + protected AutonomousAdministrativePoint( DN dn, String uuid ) + { + super( dn, uuid, AdministrativeRole.AutonomousArea ); + } + + + /** + * {@inheritDoc} + */ + public boolean isAutonomous() + { + return true; + } + + + /** + * {@inheritDoc} + */ + public AdministrativeRole getRole() + { + return AdministrativeRole.AutonomousArea; + } +} Added: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/InnerAdministrativePoint.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/InnerAdministrativePoint.java?rev=981063&view=auto ============================================================================== --- directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/InnerAdministrativePoint.java (added) +++ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/InnerAdministrativePoint.java Sat Jul 31 14:23:30 2010 @@ -0,0 +1,69 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.directory.server.core.administrative; + +import org.apache.directory.shared.ldap.name.DN; +import org.apache.directory.shared.ldap.subtree.AdministrativeRole; + +/** + * + * @author Apache Directory Project + */ +public class InnerAdministrativePoint extends AbstractAdministrativePoint +{ + /** + * Create an instance of InnerAdministrativePoint + * + * @param dn The AdministrativePoint DN + * @param uuid The AdministrativePoint UUID + * @param role The AdministrativePoint role + */ + protected InnerAdministrativePoint( DN dn, String uuid, AdministrativeRole role ) + { + super( dn, uuid, role ); + } + + + /** + * {@inheritDoc} + */ + public boolean isInner() + { + return true; + } + + + /** + * {@inheritDoc} + */ + public AdministrativeRole getRole() + { + return role; + } + + + /** + * {@inheritDoc} + */ + public AdministrativePoint getParent() + { + return parent; + } +} Added: directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/SpecificAdministrativePoint.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/SpecificAdministrativePoint.java?rev=981063&view=auto ============================================================================== --- directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/SpecificAdministrativePoint.java (added) +++ directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/administrative/SpecificAdministrativePoint.java Sat Jul 31 14:23:30 2010 @@ -0,0 +1,69 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.directory.server.core.administrative; + +import org.apache.directory.shared.ldap.name.DN; +import org.apache.directory.shared.ldap.subtree.AdministrativeRole; + +/** + * + * @author Apache Directory Project + */ +public class SpecificAdministrativePoint extends AbstractAdministrativePoint +{ + /** + * Create an instance of SpecificAdministrativePoint + * + * @param dn The AdministrativePoint DN + * @param uuid The AdministrativePoint UUID + * @param role The AdministrativePoint role + */ + protected SpecificAdministrativePoint( DN dn, String uuid, AdministrativeRole role ) + { + super( dn, uuid, role ); + } + + + /** + * {@inheritDoc} + */ + public boolean isSpecific() + { + return true; + } + + + /** + * {@inheritDoc} + */ + public AdministrativeRole getRole() + { + return role; + } + + + /** + * {@inheritDoc} + */ + public AdministrativePoint getParent() + { + return parent; + } +} Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java?rev=981063&r1=981062&r2=981063&view=diff ============================================================================== --- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java (original) +++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java Sat Jul 31 14:23:30 2010 @@ -65,6 +65,7 @@ import org.apache.directory.shared.ldap. import org.apache.directory.shared.ldap.name.DN; import org.apache.directory.shared.ldap.schema.AttributeType; import org.apache.directory.shared.ldap.schema.SchemaManager; +import org.apache.directory.shared.ldap.subtree.AdministrativeRole; import org.apache.directory.shared.ldap.util.StringTools; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -96,6 +97,9 @@ public class AdministrativePointIntercep /** A reference to the AdministrativeRole AT */ private static AttributeType ADMINISTRATIVE_ROLE_AT; + /** A reference to the EntryUUID AT */ + private static AttributeType ENTRY_UUID_AT; + /** The possible roles */ private static final Set ROLES = new HashSet(); @@ -205,6 +209,7 @@ public class AdministrativePointIntercep { } + //------------------------------------------------------------------------------------------- // Helper methods //------------------------------------------------------------------------------------------- @@ -278,7 +283,9 @@ public class AdministrativePointIntercep schemaManager = directoryService.getSchemaManager(); nexus = directoryService.getPartitionNexus(); + // Init the At we use locally ADMINISTRATIVE_ROLE_AT = schemaManager.getAttributeType( SchemaConstants.ADMINISTRATIVE_ROLE_AT ); + ENTRY_UUID_AT = schemaManager.getAttributeType( SchemaConstants.ENTRY_UUID_AT ); // Load all the AdministratvePoint : // Autonomous Administrative Point first, then Specific @@ -404,6 +411,11 @@ public class AdministrativePointIntercep // Ok, we are golden. next.add( addContext ); + // Now, update the cache + String uuid = addContext.getEntry().get( ENTRY_UUID_AT ).getString(); + AdministrativeRole adminRole = null; + + LOG.debug( "Added an Autonomous Administrative Point at {}", entry.getDn() ); return; Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/subtree/Subentry.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/subtree/Subentry.java?rev=981063&r1=981062&r2=981063&view=diff ============================================================================== --- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/subtree/Subentry.java (original) +++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/subtree/Subentry.java Sat Jul 31 14:23:30 2010 @@ -6,28 +6,29 @@ * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations - * under the License. - * + * under the License. + * */ package org.apache.directory.server.core.subtree; import java.util.Set; +import org.apache.directory.shared.ldap.subtree.AdministrativeRole; import org.apache.directory.shared.ldap.subtree.SubtreeSpecification; /** * An operational view of a subentry within the system. A Subentry can have - * many types (Collective, Schema, AccessControl or Trigger) but only one + * many types (Collective, Schema, AccessControl or Trigger) but only one * Subtree Specification. * * @author Apache Directory Project @@ -36,11 +37,11 @@ public class Subentry { /** The Subtree Specification associated with this subentry */ private SubtreeSpecification ss; - + /** The administratives roles */ private Set administrativeRoles; - - + + /** * Stores the subtree * @@ -50,7 +51,7 @@ public class Subentry { this.ss = ss; } - + /** * @return The subtree specification @@ -62,7 +63,7 @@ public class Subentry /** - * + * * TODO setAdministrativeRoles. * * @param administrativeRoles @@ -77,44 +78,47 @@ public class Subentry { return administrativeRoles; } - - + + /** - * Tells if the type contains the Collective attribute Administrative Role + * Tells if the type contains the Collective attribute Administrative Role */ final boolean isCollectiveAdminRole() { - return administrativeRoles.contains( AdministrativeRole.COLLECTIVE_ADMIN_ROLE ); + return administrativeRoles.contains( AdministrativeRole.CollectiveAttributeInnerArea ) || + administrativeRoles.contains( AdministrativeRole.CollectiveAttributeSpecificArea ); } - - + + /** - * Tells if the type contains the SubSchema Administrative Role + * Tells if the type contains the SubSchema Administrative Role */ final boolean isSchemaAdminRole() { - return administrativeRoles.contains( AdministrativeRole.SUB_SCHEMA_ADMIN_ROLE ); + return administrativeRoles.contains( AdministrativeRole.SubSchemaSpecificArea ); } - - + + /** - * Tells if the type contains the Access Control Administrative Role + * Tells if the type contains the Access Control Administrative Role */ final boolean isAccessControlAdminRole() { - return administrativeRoles.contains( AdministrativeRole.ACCESS_CONTROL_ADMIN_ROLE ); + return administrativeRoles.contains( AdministrativeRole.AccessControlSpecificArea ) || + administrativeRoles.contains( AdministrativeRole.AccessControlInnerArea ); } - - + + /** - * Tells if the type contains the Triggers Administrative Role + * Tells if the type contains the Triggers Administrative Role */ final boolean isTriggersAdminRole() { - return administrativeRoles.contains( AdministrativeRole.TRIGGERS_ADMIN_ROLE ); + return administrativeRoles.contains( AdministrativeRole.TriggerExecutionSpecificArea ) || + administrativeRoles.contains( AdministrativeRole.TriggerExecutionInnerArea ); } - - + + /** * @see Object#toString() */ Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java?rev=981063&r1=981062&r2=981063&view=diff ============================================================================== --- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java (original) +++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java Sat Jul 31 14:23:30 2010 @@ -6,16 +6,16 @@ * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations - * under the License. - * + * under the License. + * */ package org.apache.directory.server.core.subtree; @@ -80,6 +80,7 @@ import org.apache.directory.shared.ldap. import org.apache.directory.shared.ldap.name.DN; import org.apache.directory.shared.ldap.schema.AttributeType; import org.apache.directory.shared.ldap.schema.SchemaManager; +import org.apache.directory.shared.ldap.subtree.AdministrativeRole; import org.apache.directory.shared.ldap.subtree.SubtreeSpecification; import org.apache.directory.shared.ldap.subtree.SubtreeSpecificationParser; import org.slf4j.Logger; @@ -108,10 +109,10 @@ public class SubentryInterceptor extends /** The SubTree specification parser instance */ private SubtreeSpecificationParser ssParser; - + /** The Subtree evaluator instance */ private SubtreeEvaluator evaluator; - + /** A reference to the nexus for direct backend operations */ private PartitionNexus nexus; @@ -120,16 +121,16 @@ public class SubentryInterceptor extends /** A reference to the ObjectClass AT */ private static AttributeType OBJECT_CLASS_AT; - + /** A reference to the AdministrativeRole AT */ private static AttributeType ADMINISTRATIVE_ROLE_AT; - + /** A reference to the SubtreeSpecification AT */ private static AttributeType SUBTREE_SPECIFICATION_AT; /** A reference to the AccessControlSubentries AT */ private static AttributeType ACCESS_CONTROL_SUBENTRIES_AT; - + /** A reference to the AccessControlSubentries AT */ private static AttributeType SUBSCHEMA_SUBENTRY_AT; @@ -138,9 +139,9 @@ public class SubentryInterceptor extends /** A reference to the TriggerExecutionSubentries AT */ private static AttributeType TRIGGER_EXECUTION_SUBENTRIES_AT; - + /** An enum used for the entries update */ - private enum OperationEnum + private enum OperationEnum { ADD, REMOVE, @@ -171,7 +172,7 @@ public class SubentryInterceptor extends /** - * SearchResultFilter used to filter out normal entries but shows subentries based on + * SearchResultFilter used to filter out normal entries but shows subentries based on * objectClass values. */ public class HideEntriesFilter implements EntryFilter @@ -189,19 +190,19 @@ public class SubentryInterceptor extends } } - + //------------------------------------------------------------------------------------------- // Interceptor initialization //------------------------------------------------------------------------------------------- /** * Initialize the Subentry Interceptor - * + * * @param directoryService The DirectoryService instance */ public void init( DirectoryService directoryService ) throws LdapException { super.init( directoryService ); - + nexus = directoryService.getPartitionNexus(); schemaManager = directoryService.getSchemaManager(); @@ -215,11 +216,11 @@ public class SubentryInterceptor extends TRIGGER_EXECUTION_SUBENTRIES_AT = schemaManager.getAttributeType( SchemaConstants.TRIGGER_EXECUTION_SUBENTRIES_AT ); SUBENTRY_OPATTRS = new AttributeType[] - { - ACCESS_CONTROL_SUBENTRIES_AT, + { + ACCESS_CONTROL_SUBENTRIES_AT, SUBSCHEMA_SUBENTRY_AT, - COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT, - TRIGGER_EXECUTION_SUBENTRIES_AT + COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT, + TRIGGER_EXECUTION_SUBENTRIES_AT }; ssParser = new SubtreeSpecificationParser( schemaManager ); @@ -258,10 +259,10 @@ public class SubentryInterceptor extends { Entry subentry = subentries.get(); DN subentryDn = subentry.getDn(); - + String subtree = subentry.get( SUBTREE_SPECIFICATION_AT ).getString(); SubtreeSpecification ss; - + try { ss = ssParser.parse( subtree ); @@ -271,15 +272,15 @@ public class SubentryInterceptor extends LOG.warn( "Failed while parsing subtreeSpecification for " + subentryDn ); continue; } - + Subentry newSubentry = new Subentry(); - + newSubentry.setAdministrativeRoles( getSubentryAdminRoles( subentry ) ); newSubentry.setSubtreeSpecification( ss ); - + subentryCache.addSubentry( subentryDn, newSubentry ); } - + subentries.close(); } catch ( Exception e ) @@ -309,22 +310,22 @@ public class SubentryInterceptor extends if ( oc.contains( SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC ) ) { - adminRoles.add( AdministrativeRole.ACCESS_CONTROL_ADMIN_ROLE ); + adminRoles.add( AdministrativeRole.AccessControlInnerArea ); } if ( oc.contains( SchemaConstants.SUBSCHEMA_OC ) ) { - adminRoles.add( AdministrativeRole.SUB_SCHEMA_ADMIN_ROLE ); + adminRoles.add( AdministrativeRole.SubSchemaSpecificArea ); } if ( oc.contains( SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRY_OC ) ) { - adminRoles.add( AdministrativeRole.COLLECTIVE_ADMIN_ROLE ); + adminRoles.add( AdministrativeRole.CollectiveAttributeSpecificArea ); } if ( oc.contains( ApacheSchemaConstants.TRIGGER_EXECUTION_SUBENTRY_OC ) ) { - adminRoles.add( AdministrativeRole.TRIGGERS_ADMIN_ROLE ); + adminRoles.add( AdministrativeRole.TriggerExecutionInnerArea ); } return adminRoles; @@ -350,7 +351,7 @@ public class SubentryInterceptor extends if ( opContext.hasRequestControl( SUBENTRY_CONTROL ) ) { SubentriesControl subentriesControl = ( SubentriesControl ) opContext.getRequestControl( SUBENTRY_CONTROL ); - + return subentriesControl.isVisible(); } @@ -358,7 +359,7 @@ public class SubentryInterceptor extends } /** - * Update all the entries under an AP adding the + * Update all the entries under an AP adding the */ private void updateEntries( OperationEnum operation, CoreSession session, DN subentryDn, DN apDn, SubtreeSpecification ss, DN baseDn, List operationalAttributes ) throws LdapException { @@ -380,17 +381,17 @@ public class SubentryInterceptor extends { Entry candidate = subentries.get(); DN candidateDn = candidate.getDn(); - + if ( evaluator.evaluate( ss, apDn, candidateDn, candidate ) ) { List modifications = null; - + switch ( operation ) { case ADD : modifications = getOperationalModsForAdd( candidate, operationalAttributes ); break; - + case REMOVE : modifications = getOperationalModsForRemove( subentryDn, candidate ); break; @@ -401,7 +402,7 @@ public class SubentryInterceptor extends break; */ } - + LOG.debug( "The entry {} has been evaluated to true for subentry {}", candidate.getDn(), subentryDn ); nexus.modify( new ModifyOperationContext( session, candidateDn, modifications ) ); } @@ -413,25 +414,25 @@ public class SubentryInterceptor extends } } - + /** * Checks if the given DN is a namingContext */ private boolean isNamingContext( DN dn ) throws LdapException { DN namingContext = nexus.findSuffix( dn ); - + return dn.equals( namingContext ); } - - + + /** * Get the administrativePoint role */ private void checkAdministrativeRole( OperationContext opContext, DN apDn ) throws LdapException { Entry administrationPoint = opContext.lookup( apDn, ByPassConstants.LOOKUP_BYPASS ); - + // The administrativeRole AT must exist and not be null EntryAttribute administrativeRole = administrationPoint.get( ADMINISTRATIVE_ROLE_AT ); @@ -442,8 +443,8 @@ public class SubentryInterceptor extends throw new LdapNoSuchAttributeException( I18n.err( I18n.ERR_306, apDn ) ); } } - - + + /** * Get the SubtreeSpecification, parse it and stores it into the subentry */ @@ -462,10 +463,10 @@ public class SubentryInterceptor extends LOG.warn( msg ); throw new LdapInvalidAttributeValueException( ResultCodeEnum.INVALID_ATTRIBUTE_SYNTAX, msg ); } - + subentry.setSubtreeSpecification( ss ); } - + /** * Checks to see if an entry being renamed has a descendant that is an @@ -489,7 +490,7 @@ public class SubentryInterceptor extends EntryFilteringCursor aps = nexus.search( searchOperationContext ); try - { + { if ( aps.next() ) { aps.close(); @@ -500,7 +501,7 @@ public class SubentryInterceptor extends { throw new LdapOperationException( e.getMessage() ); } - + return false; } @@ -616,8 +617,8 @@ public class SubentryInterceptor extends attrs.put( ocFinalState ); return getSubentryAdminRoles( attrs ); } - - + + /** * Update the list of modifications with a modification associated with a specific * role, if it's requested. @@ -654,7 +655,7 @@ public class SubentryInterceptor extends throws Exception { List modifications = new ArrayList(); - + getOperationalModForReplace( subentry.isAccessControlAdminRole(), ACCESS_CONTROL_SUBENTRIES_AT, entry, oldDn, newDn, modifications ); getOperationalModForReplace( subentry.isSchemaAdminRole(), SUBSCHEMA_SUBENTRY_AT, entry, oldDn, newDn, modifications ); getOperationalModForReplace( subentry.isCollectiveAdminRole(), COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT, entry, oldDn, newDn, modifications ); @@ -677,19 +678,19 @@ public class SubentryInterceptor extends EntryAttribute accessControlSubentries = new DefaultEntryAttribute( ACCESS_CONTROL_SUBENTRIES_AT, dn.getNormName() ); attributes.add( accessControlSubentries ); } - + if ( subentry.isSchemaAdminRole() ) { EntryAttribute subschemaSubentry = new DefaultEntryAttribute( SUBSCHEMA_SUBENTRY_AT, dn.getNormName() ); attributes.add( subschemaSubentry ); } - + if ( subentry.isCollectiveAdminRole() ) { EntryAttribute collectiveAttributeSubentries = new DefaultEntryAttribute( COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT, dn.getNormName() ); attributes.add( collectiveAttributeSubentries ); } - + if ( subentry.isTriggersAdminRole() ) { EntryAttribute tiggerExecutionSubentries = new DefaultEntryAttribute( TRIGGER_EXECUTION_SUBENTRIES_AT, dn.getNormName() ); @@ -749,16 +750,16 @@ public class SubentryInterceptor extends for ( EntryAttribute operationalAttribute : operationalAttributes ) { EntryAttribute opAttrInEntry = entry.get( operationalAttribute.getAttributeType() ); - + if ( ( opAttrInEntry != null ) && ( opAttrInEntry.size() > 0 ) ) { EntryAttribute newOperationalAttribute = operationalAttribute.clone(); - + for ( Value value : opAttrInEntry ) { newOperationalAttribute.add( value ); } - + modifications.add( new DefaultModification( ModificationOperation.REPLACE_ATTRIBUTE, newOperationalAttribute ) ); } else @@ -769,10 +770,10 @@ public class SubentryInterceptor extends return modifications; } - + /** - * Get the list of modification to apply to all the entries + * Get the list of modification to apply to all the entries */ private List getModsOnEntryModification( DN name, Entry oldEntry, Entry newEntry ) throws LdapException { @@ -827,10 +828,10 @@ public class SubentryInterceptor extends return modList; } - - + + /** - * Update the Operational Attribute with the reference to the subentry + * Update the Operational Attribute with the reference to the subentry */ private void setOperationalAttribute( Entry entry, DN subentryDn, AttributeType opAttr) throws LdapException { @@ -845,7 +846,7 @@ public class SubentryInterceptor extends operational.add( subentryDn.getNormName() ); } - + //------------------------------------------------------------------------------------------- // Interceptor API methods //------------------------------------------------------------------------------------------- @@ -868,7 +869,7 @@ public class SubentryInterceptor extends // Not allowed : we can't get a parent in those cases throw new LdapOtherException( "Cannot find an AdministrativePoint for " + dn ); } - + // Get the administrativePoint role : we must have one immediately // upper DN apDn = dn.getParent(); @@ -909,7 +910,7 @@ public class SubentryInterceptor extends */ DN baseDn = apDn; baseDn = baseDn.addAll( subentry.getSubtreeSpecification().getBase() ); - + updateEntries( OperationEnum.ADD, addContext.getSession(), dn, apDn, subentry.getSubtreeSpecification(), baseDn, operationalAttributes ); // Store the newly modified entry into the context for later use in interceptor @@ -927,33 +928,33 @@ public class SubentryInterceptor extends for ( DN subentryDn : subentryCache ) { DN apDn = subentryDn.getParent(); - + // No need to evaluate the entry if it's not below an AP. if ( dn.isChildOf( apDn ) ) { Subentry subentry = subentryCache.getSubentry( subentryDn ); SubtreeSpecification ss = subentry.getSubtreeSpecification(); - + // Now, evaluate the entry wrt the subentry ss // and inject a ref to the subentry if it evaluates to true if ( evaluator.evaluate( ss, apDn, dn, entry ) ) { - + if ( subentry.isAccessControlAdminRole() ) { setOperationalAttribute( entry, subentryDn, ACCESS_CONTROL_SUBENTRIES_AT ); } - + if ( subentry.isSchemaAdminRole() ) { setOperationalAttribute( entry, subentryDn, SUBSCHEMA_SUBENTRY_AT ); } - + if ( subentry.isCollectiveAdminRole() ) { setOperationalAttribute( entry, subentryDn, COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT ); } - + if ( subentry.isTriggersAdminRole() ) { setOperationalAttribute( entry, subentryDn, TRIGGER_EXECUTION_SUBENTRIES_AT ); @@ -971,7 +972,7 @@ public class SubentryInterceptor extends } } - + /** * {@inheritDoc} */ @@ -985,7 +986,7 @@ public class SubentryInterceptor extends if ( entry.contains( OBJECT_CLASS_AT, SchemaConstants.SUBENTRY_OC ) ) { Subentry removedSubentry = subentryCache.getSubentry( dn ); - + /* ---------------------------------------------------------------- * Find the baseDn for the subentry and use that to search the tree * for all entries included by the subtreeSpecification. Then we @@ -1014,7 +1015,7 @@ public class SubentryInterceptor extends } } - + /** * {@inheritDoc} */ @@ -1041,7 +1042,7 @@ public class SubentryInterceptor extends List modifications = modifyContext.getModItems(); Entry entry = modifyContext.getEntry(); - + // We have three types of modifications : // 1) A modification applied on a normal entry // 2) A modification done on a subentry (the entry will have a 'subentry' ObjectClass) @@ -1062,7 +1063,7 @@ public class SubentryInterceptor extends break; } } - + boolean containsSubentryOC = entry.contains( OBJECT_CLASS_AT, SchemaConstants.SUBENTRY_OC ); // Check if we have a modified subentry attribute in a Subentry entry @@ -1086,14 +1087,14 @@ public class SubentryInterceptor extends subentry.setSubtreeSpecification( ssNew ); subentry.setAdministrativeRoles( getSubentryTypes( entry, modifications ) ); subentryCache.addSubentry( dn, subentry ); - + next.modify( modifyContext ); // search for all entries selected by the old SS and remove references to subentry DN apName = dn.getParent(); DN oldBaseDn = apName; oldBaseDn = oldBaseDn.addAll( ssOld.getBase() ); - + ExprNode filter = new PresenceNode( OBJECT_CLASS_AT ); SearchControls controls = new SearchControls(); controls.setSearchScope( SearchControls.SUBTREE_SCOPE ); @@ -1112,7 +1113,7 @@ public class SubentryInterceptor extends { Entry candidate = subentries.get(); DN candidateDn = candidate.getDn(); - + if ( evaluator.evaluate( ssOld, apName, candidateDn, candidate ) ) { nexus.modify( new ModifyOperationContext( modifyContext.getSession(), candidateDn, @@ -1142,7 +1143,7 @@ public class SubentryInterceptor extends { Entry candidate = subentries.get(); DN candidateDn = candidate.getDn(); - + if ( evaluator.evaluate( ssNew, apName, candidateDn, candidate ) ) { nexus.modify( new ModifyOperationContext( modifyContext.getSession(), candidateDn, @@ -1161,7 +1162,7 @@ public class SubentryInterceptor extends if ( !containsSubentryOC ) { - Entry newEntry = modifyContext.getAlteredEntry(); + Entry newEntry = modifyContext.getAlteredEntry(); List subentriesOpAttrMods = getModsOnEntryModification( dn, entry, newEntry ); @@ -1183,7 +1184,7 @@ public class SubentryInterceptor extends * Case 1 :
* A normal entry (ie, not a subentry or an AP) may be part of some administrative areas. * We have to remove the references to the associated areas if the entry gets out of them.
- * This entry can also be moved to some other administrative area, and it should then be + * This entry can also be moved to some other administrative area, and it should then be * updated to point to the associated subentries. *

* There is one preliminary condition : If the entry has a descendant which is an @@ -1196,8 +1197,8 @@ public class SubentryInterceptor extends * selected by the new subtreeSpecification by adding a reference to the subentry into them. *

* Case 3 :
- * - * + * + * * @param next The next interceptor in the chain * @param moveContext The context containing all the needed informations to proceed * @throws LdapException If the move failed @@ -1215,7 +1216,7 @@ public class SubentryInterceptor extends // o Check that there is a new AP where we move the subentry // o Remove the op Attr from all the entry selected by the subentry // o Add the op Attr in all the selected entry by the subentry - + // If we move it, we have to check that // the new parent is an AP checkAdministrativeRole( moveContext, newSuperiorDn ); @@ -1230,7 +1231,7 @@ public class SubentryInterceptor extends newName.normalize( schemaManager.getNormalizerMapping() ); subentryCache.addSubentry( newName, subentry ); - + next.move( moveContext ); subentry = subentryCache.getSubentry( newName ); @@ -1255,14 +1256,14 @@ public class SubentryInterceptor extends Entry candidate = subentries.get(); DN dn = candidate.getDn(); dn.normalize( schemaManager.getNormalizerMapping() ); - + if ( evaluator.evaluate( ss, apName, dn, candidate ) ) { nexus.modify( new ModifyOperationContext( moveContext.getSession(), dn, getOperationalModsForReplace( oldDn, newName, subentry, candidate ) ) ); } } - + subentries.close(); } catch ( Exception e ) @@ -1275,7 +1276,7 @@ public class SubentryInterceptor extends // A normal entry. It may be part of a SubtreeSpecifciation. In this // case, we have to update the opAttrs (removing old ones and adding the // new ones) - + // First, an moved entry which has an AP in one of its descendant // can't be moved. if ( hasAdministrativeDescendant( moveContext, oldDn ) ) @@ -1322,7 +1323,7 @@ public class SubentryInterceptor extends newName.normalize( schemaManager.getNormalizerMapping() ); subentryCache.addSubentry( newName, subentry ); - + next.moveAndRename( moveAndRenameContext ); subentry = subentryCache.getSubentry( newName ); @@ -1346,14 +1347,14 @@ public class SubentryInterceptor extends Entry candidate = subentries.get(); DN dn = candidate.getDn(); dn.normalize( schemaManager.getNormalizerMapping() ); - + if ( evaluator.evaluate( ss, apName, dn, candidate ) ) { nexus.modify( new ModifyOperationContext( moveAndRenameContext.getSession(), dn, getOperationalModsForReplace( oldDn, newName, subentry, candidate ) ) ); } } - + subentries.close(); } catch ( Exception e ) @@ -1427,14 +1428,14 @@ public class SubentryInterceptor extends Entry candidate = subentries.get(); DN dn = candidate.getDn(); dn.normalize( schemaManager.getNormalizerMapping() ); - + if ( evaluator.evaluate( ss, apName, dn, candidate ) ) { nexus.modify( new ModifyOperationContext( renameContext.getSession(), dn, getOperationalModsForReplace( oldDn, newName, subentry, candidate ) ) ); } } - + subentries.close(); } catch ( Exception e ) @@ -1534,7 +1535,7 @@ public class SubentryInterceptor extends operational.add( subentryDn.getNormName() ); } - + if ( subentry.isSchemaAdminRole() ) { operational = subentryAttrs.get( SUBSCHEMA_SUBENTRY_AT ); @@ -1547,7 +1548,7 @@ public class SubentryInterceptor extends operational.add( subentryDn.getNormName() ); } - + if ( subentry.isCollectiveAdminRole() ) { operational = subentryAttrs.get( COLLECTIVE_ATTRIBUTE_SUBENTRIES_AT ); @@ -1560,7 +1561,7 @@ public class SubentryInterceptor extends operational.add( subentryDn.getNormName() ); } - + if ( subentry.isTriggersAdminRole() ) { operational = subentryAttrs.get( TRIGGER_EXECUTION_SUBENTRIES_AT ); Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/subtree/AdministrativeRole.java URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/subtree/AdministrativeRole.java?rev=981063&view=auto ============================================================================== --- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/subtree/AdministrativeRole.java (added) +++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/subtree/AdministrativeRole.java Sat Jul 31 14:23:30 2010 @@ -0,0 +1,73 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.directory.shared.ldap.subtree; + +import org.apache.directory.shared.ldap.util.StringTools; + +/** +* +* @author Apache Directory Project +*/ +public enum AdministrativeRole +{ + /** The AutonomousArea role */ + AutonomousArea( "autonomousArea" ), + + /** The AccessControlSpecificArea role */ + AccessControlSpecificArea( "accessControlSpecificArea" ), + + /** The AccessControlInnerArea role */ + AccessControlInnerArea( "accessControlInnerArea" ), + + /** The CollectiveAttributeSpecificArea role */ + CollectiveAttributeSpecificArea( "collectiveAttributeSpecificArea" ), + + /** The CollectiveAttributeInnerArea role */ + CollectiveAttributeInnerArea( "collectiveAttributeInnerArea" ), + + /** The SubSchemaSpecificArea role */ + SubSchemaSpecificArea( "subSchemaSpecificArea" ), + + /** The TriggerExecutionSpecificArea role */ + TriggerExecutionSpecificArea( "triggerExecutionSpecificArea" ), + + /** The TriggerExecutionInnerArea role */ + TriggerExecutionInnerArea( "triggerExecutionInnerArea" ); + + /** The AdministrativeRole as a String */ + private String role; + + /** + * Creates an instance of AdministrativeRole + */ + private AdministrativeRole( String role ) + { + this.role = StringTools.toLowerCase( StringTools.trim( role ) ); + } + + + /** + * @return The AdministrativeRole as a String + */ + public String getRole() + { + return role; + } +}