directory-commits mailing list archives

From kayyag...@apache.org
Subject svn commit: r987611 [3/13] - in /directory/apacheds/trunk: ./ all/ core-annotations/ core-api/ core-api/src/main/java/org/apache/directory/server/core/ core-api/src/main/java/org/apache/directory/server/core/event/ core-api/src/main/java/org/apache/dir...
Date Fri, 20 Aug 2010 19:32:02 GMT
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java?rev=987611&r1=987610&r2=987611&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AuthzAuthnIT.java Fri Aug 20 19:31:58 2010
@@ -28,11 +28,11 @@ import static org.junit.Assert.assertNot
 import static org.junit.Assert.assertNull;
 
 import org.apache.directory.ldap.client.api.LdapConnection;
-import org.apache.directory.ldap.client.api.message.SearchResultEntry;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
 import org.apache.directory.server.core.integ.IntegrationUtils;
 import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.message.SearchResultEntry;
 import org.apache.directory.shared.ldap.name.DN;
 import org.junit.After;
 import org.junit.Before;
@@ -46,7 +46,7 @@ import org.junit.runner.RunWith;
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
-@RunWith ( FrameworkRunner.class )
+@RunWith(FrameworkRunner.class)
 public class AuthzAuthnIT extends AbstractLdapTestUnit
 {
 
@@ -56,15 +56,15 @@ public class AuthzAuthnIT extends Abstra
         AutzIntegUtils.service = service;
         service.setAccessControlEnabled( true );
     }
-    
-    
+
+
     @After
     public void closeConnections()
     {
         IntegrationUtils.closeConnections();
     }
-    
-    
+
+
     /**
      * Checks to make sure a user can authenticate with RootDSE as the
      * provider URL without need of any access control permissions.
@@ -76,15 +76,15 @@ public class AuthzAuthnIT extends Abstra
     {
         createUser( "billyd", "billyd" );
 
-        DN userName = new DN( "uid=billyd,ou=users,ou=system" ); 
+        DN userName = new DN( "uid=billyd,ou=users,ou=system" );
         // Authenticate to RootDSE
         LdapConnection connection = getConnectionAs( userName, "billyd" );
         Entry entry = ( ( SearchResultEntry ) connection.lookup( "" ) ).getEntry();
         assertNotNull( entry );
         assertEquals( 0, entry.getDn().size() );
     }
-    
-    
+
+
     /**
      * Checks to make sure a user cannot authenticate with a naming context
      * as the provider URL if it does not have appropriate Browse permissions.
@@ -95,54 +95,41 @@ public class AuthzAuthnIT extends Abstra
     public void testAuthnFailsWithSystemPartition() throws Exception
     {
         createUser( "billyd", "billyd" );
-        
-        DN userName = new DN( "uid=billyd,ou=users,ou=system" ); 
+
+        DN userName = new DN( "uid=billyd,ou=users,ou=system" );
         LdapConnection connection = getConnectionAs( userName, "billyd" );
         SearchResultEntry entry = ( SearchResultEntry ) connection.lookup( "ou=system" );
         assertNull( entry );
     }
-    
-    
+
+
     /**
      * Checks to make sure a user can authenticate with a naming context
      * as the provider URL if it has appropriate Browse permissions.
      *
      * @throws Exception if the test encounters an error
      */
-    @Ignore( "This test is not failing but I want to make sure that this test case is equivalent to its prior JNDI based impl, so ignoring this to get attention" )
+    @Ignore("This test is not failing but I want to make sure that this test case is equivalent to its prior JNDI based impl, so ignoring this to get attention")
     @Test
     public void testAuthnPassesWithSystemPartition() throws Exception
     {
         createUser( "billyd", "billyd" );
-        
+
         // Create ACI with minimum level of required privileges:
         // Only for user "uid=billyd,ou=users,ou=system"
         // Only to The entry "ou=system"
         // Only Browse permission
         // Note: In order to read contents of the bound context
         //       user will need appropriate Read permissions.
-        createAccessControlSubentry(
-            "grantBrowseForTheWholeNamingContext",
-            "{ maximum 0 }", // !!!!! Replace this with "{ minimum 1 }" for practicing !
-            "{ " + 
-            "  identificationTag \"browseACI\", " +
-            "  precedence 14, " + 
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems { entry }, " +
-            "        grantsAndDenials { grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
-        
-        DN userName = new DN( "uid=billyd,ou=users,ou=system" ); 
-        
+        createAccessControlSubentry( "grantBrowseForTheWholeNamingContext", "{ maximum 0 }", // !!!!! Replace this with "{ minimum 1 }" for practicing !
+            "{ " + "  identificationTag \"browseACI\", " + "  precedence 14, " + "  authenticationLevel none, "
+                + "  itemOrUserFirst userFirst: " + "  { "
+                + "    userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "    userPermissions "
+                + "    { " + "      { " + "        protectedItems { entry }, "
+                + "        grantsAndDenials { grantBrowse } " + "      } " + "    } " + "  } " + "}" );
+
+        DN userName = new DN( "uid=billyd,ou=users,ou=system" );
+
         LdapConnection connection = getConnectionAs( userName, "billyd" );
         SearchResultEntry entry = ( SearchResultEntry ) connection.lookup( "ou=system" );
         assertNull( entry );
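Review bot: `testAuthnPassesWithSystemPartition` ends with `assertNull( entry )`, the same assertion as `testAuthnFailsWithSystemPartition` above it, so even once the `@Ignore` is lifted it cannot tell a working `grantBrowse` ACI from one that was never applied. If a null result really is expected because the user holds Browse but not Read (as the comment in the hunk suggests), say so next to the assertion, e.g. `// lookup yields no entry: grantBrowse alone does not allow reading it`; otherwise the positive case should assert a non-null entry. The `@Ignore` reason would also benefit from naming a tracking issue so that this uncovered authorization path is not forgotten. The test body continues past the end of this hunk.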

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AutzIntegUtils.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AutzIntegUtils.java?rev=987611&r1=987610&r2=987611&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AutzIntegUtils.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AutzIntegUtils.java Fri Aug 20 19:31:58 2010
@@ -21,9 +21,6 @@ package org.apache.directory.server.core
 
 
 import org.apache.directory.ldap.client.api.LdapConnection;
-import org.apache.directory.ldap.client.api.message.AddResponse;
-import org.apache.directory.ldap.client.api.message.ModifyRequest;
-import org.apache.directory.ldap.client.api.message.SearchResultEntry;
 import org.apache.directory.server.constants.ServerDNConstants;
 import org.apache.directory.server.core.DirectoryService;
 import org.apache.directory.server.core.integ.IntegrationUtils;
@@ -31,7 +28,11 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.entry.DefaultEntry;
 import org.apache.directory.shared.ldap.entry.Entry;
 import org.apache.directory.shared.ldap.entry.EntryAttribute;
+import org.apache.directory.shared.ldap.message.AddResponse;
+import org.apache.directory.shared.ldap.message.ModifyRequest;
+import org.apache.directory.shared.ldap.message.ModifyRequestImpl;
 import org.apache.directory.shared.ldap.message.ResultCodeEnum;
+import org.apache.directory.shared.ldap.message.SearchResultEntry;
 import org.apache.directory.shared.ldap.name.DN;
 
 
@@ -45,6 +46,7 @@ public class AutzIntegUtils
 {
     public static DirectoryService service;
 
+
     // -----------------------------------------------------------------------
     // Utility methods used by subclasses
     // -----------------------------------------------------------------------
@@ -176,7 +178,8 @@ public class AutzIntegUtils
     {
         LdapConnection connection = getAdminConnection();
 
-        ModifyRequest modReq = new ModifyRequest( new DN( "cn=" + groupCn + ",ou=groups,ou=system" ) );
+        ModifyRequest modReq = new ModifyRequestImpl();
+        modReq.setName( new DN( "cn=" + groupCn + ",ou=groups,ou=system" ) );
         modReq.add( SchemaConstants.UNIQUE_MEMBER_AT, "uid=" + userUid + ",ou=users,ou=system" );
 
         connection.modify( modReq ).getLdapResult().getResultCode();
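Review bot: The result code read on the last line, `connection.modify( modReq ).getLdapResult().getResultCode();`, is thrown away, so a rejected group modification goes unnoticed and later authorization assertions can pass or fail for the wrong reason. The same holds for the unchecked `modify` calls in the later hunks of this file (`removeUserFromGroup`, the `administrativeRole` update, `addEntryACI`, `addSubentryACI`, `changePresciptiveACI`, `addPrescriptiveACI`). Consider failing fast, for example `ResultCodeEnum rc = connection.modify( modReq ).getLdapResult().getResultCode();` followed by `if ( rc != ResultCodeEnum.SUCCESS ) throw new IllegalStateException( "modify failed: " + rc );`. The method's signature and closing lines are outside this hunk, so its return contract is not visible here.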
@@ -192,7 +195,8 @@ public class AutzIntegUtils
      */
     public static void removeUserFromGroup( String userUid, String groupCn ) throws Exception
     {
-        ModifyRequest modReq = new ModifyRequest( new DN( "cn=" + groupCn + ",ou=groups,ou=system" ) );
+        ModifyRequest modReq = new ModifyRequestImpl();
+        modReq.setName( new DN( "cn=" + groupCn + ",ou=groups,ou=system" ) );
         modReq.remove( SchemaConstants.UNIQUE_MEMBER_AT, "uid=" + userUid + ",ou=users,ou=system" );
         getAdminConnection().modify( modReq );
     }
@@ -240,7 +244,8 @@ public class AutzIntegUtils
 
         if ( administrativeRole == null || !administrativeRole.contains( "accessControlSpecificArea" ) )
         {
-            ModifyRequest modReq = new ModifyRequest( systemEntry.getDn() );
+            ModifyRequest modReq = new ModifyRequestImpl();
+            modReq.setName( systemEntry.getDn() );
             modReq.add( "administrativeRole", "accessControlSpecificArea" );
             connection.modify( modReq );
         }
@@ -269,7 +274,8 @@ public class AutzIntegUtils
     public static void addEntryACI( DN dn, String aciItem ) throws Exception
     {
         // modify the entry relative to ou=system to include the aciItem
-        ModifyRequest modReq = new ModifyRequest( dn );
+        ModifyRequest modReq = new ModifyRequestImpl();
+        modReq.setName( dn );
         modReq.add( "entryACI", aciItem );
 
         getAdminConnection().modify( modReq );
@@ -285,7 +291,8 @@ public class AutzIntegUtils
     public static void addSubentryACI( String aciItem ) throws Exception
     {
         // modify the entry relative to ou=system to include the aciItem
-        ModifyRequest modReq = new ModifyRequest( new DN( "ou=system" ) );
+        ModifyRequest modReq = new ModifyRequestImpl();
+        modReq.setName( new DN( "ou=system" ) );
         modReq.add( "subentryACI", aciItem );
         getAdminConnection().modify( modReq );
     }
@@ -301,15 +308,17 @@ public class AutzIntegUtils
      */
     public static void changePresciptiveACI( String cn, String aciItem ) throws Exception
     {
-        ModifyRequest req = new ModifyRequest( new DN( "cn=" + cn + "," + ServerDNConstants.SYSTEM_DN ) );
-        req.replace( "prescriptiveACI", aciItem );
-        getAdminConnection().modify( req );
+        ModifyRequest modReq = new ModifyRequestImpl();
+        modReq.setName( new DN( "cn=" + cn + "," + ServerDNConstants.SYSTEM_DN ) );
+        modReq.replace( "prescriptiveACI", aciItem );
+        getAdminConnection().modify( modReq );
     }
 
 
     public static void addPrescriptiveACI( String cn, String aciItem ) throws Exception
     {
-        ModifyRequest modReq = new ModifyRequest( new DN( "cn=" + cn + "," + ServerDNConstants.SYSTEM_DN ) );
+        ModifyRequest modReq = new ModifyRequestImpl();
+        modReq.setName( new DN( "cn=" + cn + "," + ServerDNConstants.SYSTEM_DN ) );
         modReq.add( "prescriptiveACI", aciItem );
         getAdminConnection().modify( modReq );
     }

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java?rev=987611&r1=987610&r2=987611&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/CompareAuthorizationIT.java Fri Aug 20 19:31:58 2010
@@ -30,7 +30,6 @@ import static org.junit.Assert.assertFal
 import static org.junit.Assert.assertTrue;
 
 import org.apache.directory.ldap.client.api.LdapConnection;
-import org.apache.directory.ldap.client.api.message.CompareResponse;
 import org.apache.directory.server.core.annotations.CreateDS;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
@@ -38,6 +37,7 @@ import org.apache.directory.server.core.
 import org.apache.directory.shared.ldap.constants.SchemaConstants;
 import org.apache.directory.shared.ldap.entry.DefaultEntry;
 import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.message.CompareResponse;
 import org.apache.directory.shared.ldap.message.ResultCodeEnum;
 import org.apache.directory.shared.ldap.name.DN;
 import org.junit.After;
@@ -51,8 +51,8 @@ import org.junit.runner.RunWith;
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
-@RunWith ( FrameworkRunner.class )
-@CreateDS( enableAccessControl=true )
+@RunWith(FrameworkRunner.class)
+@CreateDS(enableAccessControl = true)
 public class CompareAuthorizationIT extends AbstractLdapTestUnit
 {
 
@@ -61,15 +61,15 @@ public class CompareAuthorizationIT exte
     {
         AutzIntegUtils.service = service;
     }
-    
-    
+
+
     @After
     public void closeConnections()
     {
         IntegrationUtils.closeConnections();
     }
-    
-    
+
+
     /**
      * Checks if an attribute of a simple entry (an organizationalUnit's telephoneNumber)
      * with an RDN relative to ou=system can be compared by a specific non-admin user.
@@ -95,7 +95,7 @@ public class CompareAuthorizationIT exte
 
         DN entryDN = new DN( entryRdn + ",ou=system" );
         boolean result = true;
-        
+
         // create the entry with the telephoneNumber attribute to compare
         Entry testEntry = new DefaultEntry( entryDN );
         testEntry.add( SchemaConstants.OBJECT_CLASS_AT, "organizationalUnit" );
@@ -106,18 +106,18 @@ public class CompareAuthorizationIT exte
 
         // create the entry as admin
         adminConnection.add( testEntry );
-        
+
         DN userName = new DN( "uid=" + uid + ",ou=users,ou=system" );
         // compare the telephone numbers
         LdapConnection userConnection = getConnectionAs( userName, password );
         CompareResponse resp = userConnection.compare( entryDN, "telephoneNumber", number );
-        
+
         // don't set based on compare result success/failure but based on whether the op was permitted or not
-        if( resp.getLdapResult().getResultCode() == ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS )
+        if ( resp.getLdapResult().getResultCode() == ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS )
         {
             result = false;
         }
-        
+
         // let's clean up
         adminConnection.delete( entryRdn );
 
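Review bot: In the `if` on `resp.getLdapResult().getResultCode()`, only `INSUFFICIENT_ACCESS_RIGHTS` sets `result = false`, so any other failure of the compare (for instance because the test entry was never created; the `adminConnection.add( testEntry )` result is not checked) is reported as "permitted". It would be safer to treat only the two compare outcomes as allowed, e.g. `result = rc == ResultCodeEnum.COMPARE_TRUE || rc == ResultCodeEnum.COMPARE_FALSE;`. Also, the cleanup calls `adminConnection.delete( entryRdn )` while the entry was added under `entryDN`; unless the connection resolves relative names, `adminConnection.delete( entryDN )` looks like what is meant. The method starts and ends outside this hunk.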
@@ -141,23 +141,12 @@ public class CompareAuthorizationIT exte
 
         // Gives grantCompare, and grantRead perm to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( "administratorAdd", 
-            "{ " +
-            "  identificationTag \"addAci\", " +
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }" +
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems { entry, allUserAttributeTypesAndValues }, " +
-            "        grantsAndDenials { grantCompare, grantRead, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "administratorAdd", "{ " + "  identificationTag \"addAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }" + "    userPermissions "
+            + "    { " + "      { " + "        protectedItems { entry, allUserAttributeTypesAndValues }, "
+            + "        grantsAndDenials { grantCompare, grantRead, grantBrowse } " + "      } " + "    } " + "  } "
+            + "}" );
 
         // see if we can now add that test entry which we could not before
         // add op should still fail since billd is not in the admin group
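Review bot: The ACI string for `administratorAdd` has no comma between the `userClasses { userGroup { ... } }` clause and `userPermissions`, unlike the other ACIs visible in this file; the reformat carried the omission over unchanged. If the ACI parser rejects the item, the subentry grants nothing and the following "should still fail" assertion passes without exercising the group check. The fragment should read `+ "    userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "    userPermissions "`. The test method begins and ends outside this hunk.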
@@ -186,23 +175,12 @@ public class CompareAuthorizationIT exte
         assertFalse( checkCanCompareTelephoneNumberAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
 
         // now add a subentry that enables user billyd to compare an entry below ou=system
-        createAccessControlSubentry( "billydAdd", 
-            "{ " +
-            "  identificationTag \"addAci\", " +
-            "  precedence 14, " +
-            "  authenticationLevel none, " +
-            "  itemOrUserFirst userFirst: " + 
-            "  { " +
-            "    userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems { entry, allUserAttributeTypesAndValues }, " +
-            "        grantsAndDenials { grantCompare, grantRead, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "billydAdd", "{ " + "  identificationTag \"addAci\", " + "  precedence 14, "
+            + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "    userPermissions " + "    { "
+            + "      { " + "        protectedItems { entry, allUserAttributeTypesAndValues }, "
+            + "        grantsAndDenials { grantCompare, grantRead, grantBrowse } " + "      } " + "    } " + "  } "
+            + "}" );
 
         // should work now that billyd is authorized by name
         assertTrue( checkCanCompareTelephoneNumberAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
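Review bot: The formatter has packed the `billydAdd` ACI into a few dense lines of concatenated fragments, which hides the nesting of `userClasses`, `protectedItems` and `grantsAndDenials` that a reviewer needs to see to audit who is granted what. The same applies to the other `createAccessControlSubentry` calls reformatted in this commit (in `AuthzAuthnIT`, the rest of `CompareAuthorizationIT`, and `DeleteAuthorizationIT`). Keeping one ACI clause per source line, and excluding these literals from automatic formatting if the project's formatter supports it, would keep punctuation slips in access-control fixtures visible in review. The enclosing test method starts and ends outside this hunk.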
@@ -224,27 +202,13 @@ public class CompareAuthorizationIT exte
         assertFalse( checkCanCompareTelephoneNumberAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
 
         // now add a subentry that enables user billyd to compare an entry below ou=system
-        createAccessControlSubentry( 
-            "billyAddBySubtree", 
-            "{ " + 
-            "  identificationTag \"addAci\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses " +
-            "    { " +
-            "      subtree { { base \"ou=users,ou=system\" } } " +
-            "    }, " + 
-            "    userPermissions " +
-            "    { " +
-            "        { " +
-            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials { grantCompare, grantRead, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "billyAddBySubtree", "{ " + "  identificationTag \"addAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses " + "    { " + "      subtree { { base \"ou=users,ou=system\" } } " + "    }, "
+            + "    userPermissions " + "    { " + "        { "
+            + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials { grantCompare, grantRead, grantBrowse } " + "      } " + "    } " + "  } "
+            + "}" );
 
         // should work now that billyd is authorized by the subtree userClass
         assertTrue( checkCanCompareTelephoneNumberAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
@@ -266,24 +230,12 @@ public class CompareAuthorizationIT exte
         assertFalse( checkCanCompareTelephoneNumberAs( "billyd", "billyd", "ou=testou", "867-5309" ) );
 
         // now add a subentry that enables anyone to add an entry below ou=system
-        createAccessControlSubentry( 
-            "anybodyAdd", 
-            "{ " + 
-            "  identificationTag \"addAci\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " + 
-            "    userClasses { allUsers }, " +
-            "    userPermissions " +
-            "    { " +
-            "      { " + 
-            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials { grantCompare, grantRead, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "anybodyAdd", "{ " + "  identificationTag \"addAci\", " + "  precedence 14, "
+            + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "      { "
+            + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials { grantCompare, grantRead, grantBrowse } " + "      } " + "    } " + "  } "
+            + "}" );
 
         // see if we can now compare that test entry's number which we could not before
         // should work with billyd now that all users are authorized
@@ -307,7 +259,7 @@ public class CompareAuthorizationIT exte
         adminCtx.add( user );
 
         CompareResponse resp = adminCtx.compare( userDN, "userPassword", "bobspassword" );
-        assertEquals(  ResultCodeEnum.COMPARE_TRUE, resp.getLdapResult().getResultCode() );
+        assertEquals( ResultCodeEnum.COMPARE_TRUE, resp.getLdapResult().getResultCode() );
     }
 
 }

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java?rev=987611&r1=987610&r2=987611&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/DeleteAuthorizationIT.java Fri Aug 20 19:31:58 2010
@@ -19,6 +19,7 @@
  */
 package org.apache.directory.server.core.authz;
 
+
 import static org.apache.directory.server.core.authz.AutzIntegUtils.addUserToGroup;
 import static org.apache.directory.server.core.authz.AutzIntegUtils.createAccessControlSubentry;
 import static org.apache.directory.server.core.authz.AutzIntegUtils.createUser;
@@ -28,7 +29,6 @@ import static org.junit.Assert.assertFal
 import static org.junit.Assert.assertTrue;
 
 import org.apache.directory.ldap.client.api.LdapConnection;
-import org.apache.directory.ldap.client.api.message.DeleteResponse;
 import org.apache.directory.server.core.annotations.CreateDS;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
@@ -36,6 +36,7 @@ import org.apache.directory.server.core.
 import org.apache.directory.shared.ldap.constants.SchemaConstants;
 import org.apache.directory.shared.ldap.entry.DefaultEntry;
 import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.message.DeleteResponse;
 import org.apache.directory.shared.ldap.message.ResultCodeEnum;
 import org.apache.directory.shared.ldap.name.DN;
 import org.junit.After;
@@ -49,9 +50,9 @@ import org.junit.runner.RunWith;
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
-@RunWith ( FrameworkRunner.class )
-@CreateDS( enableAccessControl=true )
-public class DeleteAuthorizationIT extends AbstractLdapTestUnit 
+@RunWith(FrameworkRunner.class)
+@CreateDS(enableAccessControl = true)
+public class DeleteAuthorizationIT extends AbstractLdapTestUnit
 {
 
     @Before
@@ -59,15 +60,15 @@ public class DeleteAuthorizationIT exten
     {
         AutzIntegUtils.service = service;
     }
-    
-    
+
+
     @After
     public void closeConnections()
     {
         IntegrationUtils.closeConnections();
     }
-    
-    
+
+
     /**
      * Checks if a simple entry (organizationalUnit) can be deleted from the DIT at an
      * RDN relative to ou=system by a specific non-admin user.  The entry is first
@@ -90,7 +91,7 @@ public class DeleteAuthorizationIT exten
     public boolean checkCanDeleteEntryAs( String uid, String password, String entryRdn ) throws Exception
     {
         DN entryDN = new DN( entryRdn + ",ou=system" );
-        
+
         // create the entry with the telephoneNumber attribute to compare
         Entry testEntry = new DefaultEntry( entryDN );
         testEntry.add( SchemaConstants.OBJECT_CLASS_AT, "organizationalUnit" );
@@ -100,14 +101,14 @@ public class DeleteAuthorizationIT exten
 
         // create the entry as admin
         adminConnection.add( testEntry );
-        
+
         DN userName = new DN( "uid=" + uid + ",ou=users,ou=system" );
-        
+
         // delete the newly created context as the user
         LdapConnection userConnection = getConnectionAs( userName, password );
         DeleteResponse resp = userConnection.delete( entryDN );
 
-        if( resp.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS )
+        if ( resp.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS )
         {
             return true;
         }
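Review bot: `adminConnection.add( testEntry )` is not checked before the user's delete is attempted, so if the fixture entry was not created the delete fails for a reason unrelated to access control and `checkCanDeleteEntryAs` still reports "denied". Checking that the add returned `ResultCodeEnum.SUCCESS` (presumably via `getLdapResult().getResultCode()`, as on the delete response) would make a false result attributable to authorization only. A short comment on the `if` stating that every non-SUCCESS code is treated as denial would also help. The method starts and ends outside this hunk.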
@@ -135,24 +136,11 @@ public class DeleteAuthorizationIT exten
 
         // Gives grantRemove perm to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( 
-            "administratorAdd", 
-            "{ " + 
-            "  identificationTag \"addAci\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry}, " + 
-            "       grantsAndDenials { grantRemove, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "administratorAdd", "{ " + "  identificationTag \"addAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "    userPermissions "
+            + "    { " + "      { " + "        protectedItems {entry}, "
+            + "       grantsAndDenials { grantRemove, grantBrowse } " + "      } " + "    } " + "  } " + "}" );
 
         // see if we can now delete that test entry which we could not before
         // delete op should still fail since billd is not in the admin group
@@ -181,24 +169,11 @@ public class DeleteAuthorizationIT exten
         assertFalse( checkCanDeleteEntryAs( "billyd", "billyd", "ou=testou" ) );
 
         // now add a subentry that enables user billyd to delete an entry below ou=system
-        createAccessControlSubentry( 
-            "billydAdd", 
-            "{ " + 
-            "  identificationTag \"addAci\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry}, " + 
-            "        grantsAndDenials { grantRemove, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "billydAdd", "{ " + "  identificationTag \"addAci\", " + "  precedence 14, "
+            + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "    userPermissions " + "    { "
+            + "      { " + "        protectedItems {entry}, "
+            + "        grantsAndDenials { grantRemove, grantBrowse } " + "      } " + "    } " + "  } " + "}" );
 
         // should work now that billyd is authorized by name
         assertTrue( checkCanDeleteEntryAs( "billyd", "billyd", "ou=testou" ) );
@@ -220,27 +195,11 @@ public class DeleteAuthorizationIT exten
         assertFalse( checkCanDeleteEntryAs( "billyd", "billyd", "ou=testou" ) );
 
         // now add a subentry that enables user billyd to delte an entry below ou=system
-        createAccessControlSubentry( 
-            "billyAddBySubtree", 
-            "{ " + 
-            "  identificationTag \"addAci\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses " +
-            "    { " +
-            "      subtree { { base \"ou=users,ou=system\" } } " +
-            "    }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry}, " + 
-            "        grantsAndDenials { grantRemove, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "billyAddBySubtree", "{ " + "  identificationTag \"addAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses " + "    { " + "      subtree { { base \"ou=users,ou=system\" } } " + "    }, "
+            + "    userPermissions " + "    { " + "      { " + "        protectedItems {entry}, "
+            + "        grantsAndDenials { grantRemove, grantBrowse } " + "      } " + "    } " + "  } " + "}" );
 
         // should work now that billyd is authorized by the subtree userClass
         assertTrue( checkCanDeleteEntryAs( "billyd", "billyd", "ou=testou" ) );
@@ -262,24 +221,11 @@ public class DeleteAuthorizationIT exten
         assertFalse( checkCanDeleteEntryAs( "billyd", "billyd", "ou=testou" ) );
 
         // now add a subentry that enables anyone to add an entry below ou=system
-        createAccessControlSubentry( 
-            "anybodyAdd", 
-            "{ " + 
-            "  identificationTag \"addAci\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " + 
-            "    userClasses { allUsers }, " +
-            "    userPermissions " +
-            "    { " +
-            "      { " + 
-            "        protectedItems {entry}, " +
-            "        grantsAndDenials { grantRemove, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "anybodyAdd", "{ " + "  identificationTag \"addAci\", " + "  precedence 14, "
+            + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "      { "
+            + "        protectedItems {entry}, " + "        grantsAndDenials { grantRemove, grantBrowse } "
+            + "      } " + "    } " + "  } " + "}" );
 
         // see if we can now delete that test entry which we could not before
         // should work now with billyd now that all users are authorized

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationIT.java?rev=987611&r1=987610&r2=987611&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/ModifyAuthorizationIT.java Fri Aug 20 19:31:58 2010
@@ -32,8 +32,6 @@ import static org.junit.Assert.assertFal
 import static org.junit.Assert.assertTrue;
 
 import org.apache.directory.ldap.client.api.LdapConnection;
-import org.apache.directory.ldap.client.api.message.ModifyRequest;
-import org.apache.directory.ldap.client.api.message.ModifyResponse;
 import org.apache.directory.server.core.annotations.CreateDS;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
@@ -46,6 +44,9 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.entry.EntryAttribute;
 import org.apache.directory.shared.ldap.entry.Modification;
 import org.apache.directory.shared.ldap.entry.ModificationOperation;
+import org.apache.directory.shared.ldap.message.ModifyRequest;
+import org.apache.directory.shared.ldap.message.ModifyRequestImpl;
+import org.apache.directory.shared.ldap.message.ModifyResponse;
 import org.apache.directory.shared.ldap.message.ResultCodeEnum;
 import org.apache.directory.shared.ldap.name.DN;
 import org.junit.After;
@@ -60,7 +61,7 @@ import org.junit.runner.RunWith;
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
 @RunWith(FrameworkRunner.class)
-@CreateDS( enableAccessControl=true )
+@CreateDS(enableAccessControl = true)
 public class ModifyAuthorizationIT extends AbstractLdapTestUnit
 {
 
@@ -76,8 +77,8 @@ public class ModifyAuthorizationIT exten
     {
         IntegrationUtils.closeConnections();
     }
-    
-    
+
+
     /**
      * Checks if an attribute of a simple entry (an organizationalUnit) with an RDN
      * relative to ou=system can be modified by a specific non-admin user.  If a
@@ -101,7 +102,7 @@ public class ModifyAuthorizationIT exten
     {
         DN entryDN = new DN( entryRdn + ",ou=system" );
         boolean result;
-        
+
         // create the entry with the telephoneNumber attribute to compare
         Entry testEntry = new DefaultEntry( entryDN );
         testEntry.add( SchemaConstants.OBJECT_CLASS_AT, "organizationalUnit" );
@@ -118,8 +119,14 @@ public class ModifyAuthorizationIT exten
         LdapConnection userConnection = getConnectionAs( userName, password );
 
         // modify the entry as the user
-        ModifyRequest modReq = new ModifyRequest( entryDN );
-        modReq.addModification( mods );
+        ModifyRequest modReq = new ModifyRequestImpl();
+        modReq.setName( entryDN );
+
+        for ( Modification modification : mods )
+        {
+            modReq.addModification( modification );
+        }
+
         ModifyResponse resp = userConnection.modify( modReq );
 
         if ( resp.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS )
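Review bot: The check on the last line of this hunk treats every result code other than SUCCESS as "not authorised", so the `assertFalse( checkCanModifyAs( ... ) )` callers also pass when the request fails for an unrelated reason. That risk is higher after this migration, because `ModifyRequestImpl` is now populated by hand with `setName` and a loop. I would pin the deny path to the code the server returns for an ACI denial, presumably `ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS`, for example `ResultCodeEnum rc = resp.getLdapResult().getResultCode();` followed by `assertTrue( rc == ResultCodeEnum.SUCCESS || rc == ResultCodeEnum.INSUFFICIENT_ACCESS_RIGHTS );`. The two later hunks that build a `ModifyRequestImpl` (the attribute/modOp overload and `checkCanSelfModify`) have the same shape, and the copy loop over `mods` is duplicated between them. The method body starts and ends outside this hunk.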
@@ -130,10 +137,10 @@ public class ModifyAuthorizationIT exten
         {
             result = false;
         }
-        
+
         // let's clean up
         adminConnection.delete( entryDN );
-    
+
         return result;
     }
 
@@ -177,7 +184,8 @@ public class ModifyAuthorizationIT exten
         DN userName = new DN( "uid=" + uid + ",ou=users,ou=system" );
         // modify the entry as the user
         LdapConnection userConnection = getConnectionAs( userName, password );
-        ModifyRequest modReq = new ModifyRequest( entryDN );
+        ModifyRequest modReq = new ModifyRequestImpl();
+        modReq.setName( entryDN );
         modReq.addModification( attr, modOp );
 
         ModifyResponse resp = userConnection.modify( modReq );
@@ -216,8 +224,13 @@ public class ModifyAuthorizationIT exten
         DN userDN = new DN( "uid=" + uid + ",ou=users,ou=system" );
         LdapConnection connection = getConnectionAs( userDN, password );
 
-        ModifyRequest modReq = new ModifyRequest( userDN );
-        modReq.addModification( mods );
+        ModifyRequest modReq = new ModifyRequestImpl();
+        modReq.setName( userDN );
+
+        for ( Modification modification : mods )
+        {
+            modReq.addModification( modification );
+        }
 
         ModifyResponse resp = connection.modify( modReq );
 
@@ -266,28 +279,12 @@ public class ModifyAuthorizationIT exten
 
         // Gives grantModify, and grantRead perm to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( 
-            "selfModifyUserPassword", 
-            "{ " + 
-            "  identificationTag \"addAci\", " +
-            "  precedence 14, " + 
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { thisEntry }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry}, " +
-            "        grantsAndDenials { grantModify, grantBrowse, grantRead } " +
-            "      }, " +
-            "      { " +
-            "        protectedItems {allAttributeValues {userPassword}}, " +
-            "        grantsAndDenials { grantAdd, grantRemove } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "selfModifyUserPassword", "{ " + "  identificationTag \"addAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { thisEntry }, " + "    userPermissions " + "    { " + "      { "
+            + "        protectedItems {entry}, " + "        grantsAndDenials { grantModify, grantBrowse, grantRead } "
+            + "      }, " + "      { " + "        protectedItems {allAttributeValues {userPassword}}, "
+            + "        grantsAndDenials { grantAdd, grantRemove } " + "      } " + "    } " + "  } " + "}" );
 
         // try a modify operation which should succeed with ACI
         assertTrue( checkCanSelfModify( "billyd", "billyd", mods ) );
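Review bot: The comment above this call no longer describes the ACI it introduces. It speaks of grantModify and grantRead for users in the Administrators group, while the string uses `userClasses { thisEntry }` and grants `grantAdd, grantRemove` on `allAttributeValues {userPassword}`, which is a self-service password change. Since the call is being reflowed anyway, I would replace the comment with `// Lets each entry modify itself and add/remove its own userPassword values (userClasses thisEntry)`. Several later hunks carry a similar copied comment that mentions grantRead and "all attribute types and values", although their ACIs grant neither.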
@@ -321,32 +318,14 @@ public class ModifyAuthorizationIT exten
 
         // Gives grantModify, and grantRead perm to all users in the TestGroup group for
         // entries and all attribute types and values
-        createAccessControlSubentry(
-            "administratorModifyAdd",
-            "{ " +
-            "  identificationTag \"addAci\", " +
-            "  precedence 14, " +
-            "  authenticationLevel none, " +
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " +
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry}, " +
-            "        grantsAndDenials { grantModify, grantBrowse } " +
-            "      }, " +
-            "      { " +
-            "        protectedItems " +
-            "        {" +
-            "          attributeType {registeredAddress}, " +
-            "          allAttributeValues {registeredAddress}" +
-            "        }, " +
-            "        grantsAndDenials { grantAdd } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "administratorModifyAdd", "{ " + "  identificationTag \"addAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " + "    userPermissions "
+            + "    { " + "      { " + "        protectedItems {entry}, "
+            + "        grantsAndDenials { grantModify, grantBrowse } " + "      }, " + "      { "
+            + "        protectedItems " + "        {" + "          attributeType {registeredAddress}, "
+            + "          allAttributeValues {registeredAddress}" + "        }, "
+            + "        grantsAndDenials { grantAdd } " + "      } " + "    } " + "  } " + "}" );
 
         // see if we can now add that test entry which we could not before
         // add op should still fail since billd is not in the admin group
@@ -372,32 +351,14 @@ public class ModifyAuthorizationIT exten
 
         // Gives grantModify, and grantRead perm to all users in the TestGroup group for
         // entries and all attribute types and values
-        createAccessControlSubentry(
-            "administratorModifyRemove",
-            "{ " +
-            "  identificationTag \"addAci\", " +
-            "  precedence 14, " +
-            "  authenticationLevel none, " +
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " +
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry}, " +
-            "        grantsAndDenials { grantModify, grantBrowse } " +
-            "      }, " +
-            "      { " +
-            "        protectedItems " +
-            "        {" +
-            "          attributeType {telephoneNumber}, " +
-            "          allAttributeValues {telephoneNumber}" +
-            "        }, " +
-            "        grantsAndDenials { grantRemove } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "administratorModifyRemove", "{ " + "  identificationTag \"addAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " + "    userPermissions "
+            + "    { " + "      { " + "        protectedItems {entry}, "
+            + "        grantsAndDenials { grantModify, grantBrowse } " + "      }, " + "      { "
+            + "        protectedItems " + "        {" + "          attributeType {telephoneNumber}, "
+            + "          allAttributeValues {telephoneNumber}" + "        }, "
+            + "        grantsAndDenials { grantRemove } " + "      } " + "    } " + "  } " + "}" );
 
         // try a modify operation which should succeed with ACI and group membership change
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
@@ -416,32 +377,14 @@ public class ModifyAuthorizationIT exten
 
         // Gives grantModify, and grantRead perm to all users in the TestGroup group for
         // entries and all attribute types and values
-        createAccessControlSubentry(
-            "administratorModifyReplace",
-            "{ " +
-            "  identificationTag \"addAci\", " +
-            "  precedence 14, " +
-            "  authenticationLevel none, " +
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " +
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry}, " +
-            "        grantsAndDenials { grantModify, grantBrowse } " +
-            "      }, " +
-            "      { " +
-            "        protectedItems " +
-            "        {" +
-            "          attributeType {registeredAddress}, " +
-            "          allAttributeValues {telephoneNumber}" +
-            "        }, " +
-            "        grantsAndDenials { grantAdd, grantRemove } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "administratorModifyReplace", "{ " + "  identificationTag \"addAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " + "    userPermissions "
+            + "    { " + "      { " + "        protectedItems {entry}, "
+            + "        grantsAndDenials { grantModify, grantBrowse } " + "      }, " + "      { "
+            + "        protectedItems " + "        {" + "          attributeType {registeredAddress}, "
+            + "          allAttributeValues {telephoneNumber}" + "        }, "
+            + "        grantsAndDenials { grantAdd, grantRemove } " + "      } " + "    } " + "  } " + "}" );
 
         // try a modify operation which should succeed with ACI and group membership change
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
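Review bot: The second permission block here names `attributeType {registeredAddress}` but `allAttributeValues {telephoneNumber}`, whereas the `administratorModifyAdd` and `administratorModifyRemove` ACIs in the neighbouring hunks use the same attribute in both items. The reflow carries the pair over unchanged, and it appears again in the later `administratorModifyReplace` hunk, where the attribute being replaced is telephoneNumber. If the mismatch is deliberate, a comment above the call should say so, for example `// attributeType and allAttributeValues intentionally name different attributes: <reason>`. If it is a copy-paste slip, both items should name the attribute the test replaces, since otherwise the `assertTrue` may pass for a reason other than the one the comment gives. The `mods` definition for this test is outside the hunk, so I cannot tell which case applies.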
@@ -462,32 +405,14 @@ public class ModifyAuthorizationIT exten
 
         // Gives grantModify, and grantRead perm to all users in the TestGroup group for
         // entries and all attribute types and values
-        createAccessControlSubentry(
-            "administratorModifyAdd",
-            "{ " + 
-            "  identificationTag \"addAci\", " + 
-            "  precedence 14, " + 
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " + 
-            "    userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " + 
-            "    userPermissions " +
-            "    { " + 
-            "      { " +
-            "        protectedItems {entry}, " +
-            "        grantsAndDenials { grantModify, grantBrowse } " +
-            "      }, " + 
-            "      { " +
-            "        protectedItems " +
-            "        {" +
-            "          attributeType {registeredAddress}, " +
-            "          allAttributeValues {registeredAddress}" +
-            "        }, " +
-            "        grantsAndDenials { grantAdd } " +
-            "      } " + 
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "administratorModifyAdd", "{ " + "  identificationTag \"addAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " + "    userPermissions "
+            + "    { " + "      { " + "        protectedItems {entry}, "
+            + "        grantsAndDenials { grantModify, grantBrowse } " + "      }, " + "      { "
+            + "        protectedItems " + "        {" + "          attributeType {registeredAddress}, "
+            + "          allAttributeValues {registeredAddress}" + "        }, "
+            + "        grantsAndDenials { grantAdd } " + "      } " + "    } " + "  } " + "}" );
 
         // try a modify operation which should succeed with ACI and group membership change
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", ModificationOperation.ADD_ATTRIBUTE, changes ) );
@@ -505,32 +430,14 @@ public class ModifyAuthorizationIT exten
 
         // Gives grantModify, and grantRead perm to all users in the TestGroup group for
         // entries and all attribute types and values
-        createAccessControlSubentry(
-            "administratorModifyRemove",
-            "{ " +
-            "  identificationTag \"addAci\", " +
-            "  precedence 14, " +
-            "  authenticationLevel none, " +
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " +
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry}, " +
-            "        grantsAndDenials { grantModify, grantBrowse } " +
-            "      }, " +
-            "      { " +
-            "        protectedItems " +
-            "        {" +
-            "          attributeType {telephoneNumber}, " +
-            "          allAttributeValues {telephoneNumber}" +
-            "        }, " +
-            "        grantsAndDenials { grantRemove } " +
-            "      } " + 
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "administratorModifyRemove", "{ " + "  identificationTag \"addAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " + "    userPermissions "
+            + "    { " + "      { " + "        protectedItems {entry}, "
+            + "        grantsAndDenials { grantModify, grantBrowse } " + "      }, " + "      { "
+            + "        protectedItems " + "        {" + "          attributeType {telephoneNumber}, "
+            + "          allAttributeValues {telephoneNumber}" + "        }, "
+            + "        grantsAndDenials { grantRemove } " + "      } " + "    } " + "  } " + "}" );
 
         // try a modify operation which should succeed with ACI and group membership change
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", ModificationOperation.REMOVE_ATTRIBUTE, changes ) );
@@ -544,36 +451,19 @@ public class ModifyAuthorizationIT exten
         changes = new DefaultEntryAttribute( "telephoneNumber", "867-5309" );
 
         // make sure we cannot remove the telephone number from the test entry
-        assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", ModificationOperation.REPLACE_ATTRIBUTE, changes ) );
+        assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", ModificationOperation.REPLACE_ATTRIBUTE,
+            changes ) );
 
         // Gives grantModify, and grantRead perm to all users in the TestGroup group for
         // entries and all attribute types and values
-        createAccessControlSubentry(
-            "administratorModifyReplace",
-            "{ " +
-            "  identificationTag \"addAci\", " +
-            "  precedence 14, " +
-            "  authenticationLevel none, " +
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " +
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry}, " +
-            "        grantsAndDenials { grantModify, grantBrowse } " +
-            "      }, " +
-            "      { " +
-            "        protectedItems " +
-            "        {" +
-            "          attributeType {registeredAddress}, " +
-            "          allAttributeValues {telephoneNumber}" +
-            "        }, " +
-            "        grantsAndDenials { grantAdd, grantRemove } " +
-            "      } " + 
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "administratorModifyReplace", "{ " + "  identificationTag \"addAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { userGroup { \"cn=TestGroup,ou=groups,ou=system\" } }, " + "    userPermissions "
+            + "    { " + "      { " + "        protectedItems {entry}, "
+            + "        grantsAndDenials { grantModify, grantBrowse } " + "      }, " + "      { "
+            + "        protectedItems " + "        {" + "          attributeType {registeredAddress}, "
+            + "          allAttributeValues {telephoneNumber}" + "        }, "
+            + "        grantsAndDenials { grantAdd, grantRemove } " + "      } " + "    } " + "  } " + "}" );
 
         // try a modify operation which should succeed with ACI and group membership change
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", ModificationOperation.REPLACE_ATTRIBUTE, changes ) );
@@ -589,8 +479,8 @@ public class ModifyAuthorizationIT exten
     @Test
     public void testGrantModifyByName() throws Exception
     {
-        Modification[] mods = toItems( ModificationOperation.ADD_ATTRIBUTE, 
-            new DefaultEntryAttribute( "telephoneNumber", "012-3456" ) );
+        Modification[] mods = toItems( ModificationOperation.ADD_ATTRIBUTE, new DefaultEntryAttribute(
+            "telephoneNumber", "012-3456" ) );
 
         // create the non-admin user
         createUser( "billyd", "billyd" );
@@ -599,34 +489,19 @@ public class ModifyAuthorizationIT exten
         assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
 
         // now add a subentry that enables user billyd to modify an entry below ou=system
-        createAccessControlSubentry( 
-            "billydAdd", 
-            "{ " +
-            "  identificationTag \"addAci\", " +
-            "  precedence 14, " +
-            "  authenticationLevel none, " +
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry}, " +
-            "        grantsAndDenials { grantModify, grantRead, grantBrowse } " +
-            "      }, " +
-            "      { " +
-            "        protectedItems {allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials { grantAdd, grantRead, grantRemove } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "billydAdd", "{ " + "  identificationTag \"addAci\", " + "  precedence 14, "
+            + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "    userPermissions " + "    { "
+            + "      { " + "        protectedItems {entry}, "
+            + "        grantsAndDenials { grantModify, grantRead, grantBrowse } " + "      }, " + "      { "
+            + "        protectedItems {allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials { grantAdd, grantRead, grantRemove } " + "      } " + "    } " + "  } " + "}" );
 
         // should work now that billyd is authorized by name
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
     }
-    
-    
+
+
     /**
      * Checks to make sure subtree based userClass works for modify operations.
      *
@@ -635,8 +510,8 @@ public class ModifyAuthorizationIT exten
     @Test
     public void testGrantModifyBySubtree() throws Exception
     {
-        Modification[] mods = toItems( ModificationOperation.ADD_ATTRIBUTE, 
-            new DefaultEntryAttribute( "telephoneNumber", "012-345678" ) );
+        Modification[] mods = toItems( ModificationOperation.ADD_ATTRIBUTE, new DefaultEntryAttribute(
+            "telephoneNumber", "012-345678" ) );
 
         // create the non-admin user
         createUser( "billyd", "billyd" );
@@ -645,35 +520,19 @@ public class ModifyAuthorizationIT exten
         assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
 
         // now add a subentry that enables user billyd to modify an entry below ou=system
-        createAccessControlSubentry( 
-            "billyAddBySubtree", 
-            "{ " +
-            "  identificationTag \"addAci\", " +
-            "  precedence 14, " +
-            "  authenticationLevel none, " +
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses " +
-            "    {" +
-            "      subtree { { base \"ou=users,ou=system\" } } " +
-            "    }, " +
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry}, " +
-            "        grantsAndDenials { grantModify, grantRead, grantBrowse } " +
-            "      }, " +
-            "      { " +
-            "        protectedItems {allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials { grantAdd, grantRead, grantRemove } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
-    //
+        createAccessControlSubentry( "billyAddBySubtree", "{ " + "  identificationTag \"addAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses " + "    {" + "      subtree { { base \"ou=users,ou=system\" } } " + "    }, "
+            + "    userPermissions " + "    { " + "      { " + "        protectedItems {entry}, "
+            + "        grantsAndDenials { grantModify, grantRead, grantBrowse } " + "      }, " + "      { "
+            + "        protectedItems {allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials { grantAdd, grantRead, grantRemove } " + "      } " + "    } " + "  } " + "}" );
+        //
         // should work now that billyd is authorized by the subtree userClass
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
     }
+
+
     //
     //
     /**
@@ -684,8 +543,8 @@ public class ModifyAuthorizationIT exten
     @Test
     public void testGrantModifyAllUsers() throws Exception
     {
-        Modification[] mods = toItems( ModificationOperation.ADD_ATTRIBUTE, 
-            new DefaultEntryAttribute( "telephoneNumber", "001-012345" ) );
+        Modification[] mods = toItems( ModificationOperation.ADD_ATTRIBUTE, new DefaultEntryAttribute(
+            "telephoneNumber", "001-012345" ) );
 
         // create the non-admin user
         createUser( "billyd", "billyd" );
@@ -694,34 +553,19 @@ public class ModifyAuthorizationIT exten
         assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
 
         // now add a subentry that enables anyone to add an entry below ou=system
-        createAccessControlSubentry( 
-            "anybodyAdd", 
-            "{ " +
-            "  identificationTag \"addAci\", " +
-            "  precedence 14, " +
-            "  authenticationLevel none, " +
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { allUsers }, " +
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry}, " +
-            "        grantsAndDenials { grantModify, grantRead, grantBrowse } " +
-            "      }, " +
-            "      { " +
-            "        protectedItems {allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials { grantAdd, grantRead, grantRemove } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "anybodyAdd", "{ " + "  identificationTag \"addAci\", " + "  precedence 14, "
+            + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "      { "
+            + "        protectedItems {entry}, " + "        grantsAndDenials { grantModify, grantRead, grantBrowse } "
+            + "      }, " + "      { " + "        protectedItems {allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials { grantAdd, grantRead, grantRemove } " + "      } " + "    } " + "  } " + "}" );
 
         // see if we can now modify that test entry's number which we could not before
         // should work with billyd now that all users are authorized
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
     }
 
+
     @Test
     public void testPresciptiveACIModification() throws Exception
     {
@@ -731,48 +575,23 @@ public class ModifyAuthorizationIT exten
 
         createUser( "billyd", "billyd" );
 
-        createAccessControlSubentry(
-            "modifyACI",
-            "{ " +
-            "  identificationTag \"modifyAci\", " +
-            "  precedence 14, " +
-            "  authenticationLevel none, " +
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { allUsers }, " +
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials { grantModify, grantBrowse, grantAdd, grantRemove } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "modifyACI", "{ " + "  identificationTag \"modifyAci\", " + "  precedence 14, "
+            + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "      { "
+            + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials { grantModify, grantBrowse, grantAdd, grantRemove } " + "      } " + "    } "
+            + "  } " + "}" );
 
         assertTrue( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
 
         mods = toItems( ModificationOperation.REPLACE_ATTRIBUTE, new DefaultEntryAttribute( "registeredAddress",
             "200 Park Ave." ) );
 
-        changePresciptiveACI( 
-            "modifyACI", 
-            "{ " + 
-            "  identificationTag \"modifyAci\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " + 
-            "    userClasses { allUsers }, " +
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials { denyModify } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        changePresciptiveACI( "modifyACI", "{ " + "  identificationTag \"modifyAci\", " + "  precedence 14, "
+            + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "      { "
+            + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials { denyModify } " + "      } " + "    } " + "  } " + "}" );
 
         assertFalse( checkCanModifyAs( "billyd", "billyd", "ou=testou", mods ) );
 
@@ -785,33 +604,14 @@ public class ModifyAuthorizationIT exten
     public void testMaxValueCountProtectedItem() throws Exception
     {
         createUser( "billyd", "billyd" );
-        createAccessControlSubentry( 
-            "mvcACI", 
-            "{" + 
-            "  identificationTag \"mvcACI\"," + 
-            "  precedence 10," +
-            "  authenticationLevel simple," + 
-            "  itemOrUserFirst userFirst:" + 
-            "  {" + 
-            "    userClasses { allUsers }," +
-            "    userPermissions" + 
-            "    {" + 
-            "      {" + 
-            "        protectedItems { entry }," +
-            "        grantsAndDenials { grantModify, grantBrowse }" + 
-            "      }," + 
-            "      {" + 
-            "        protectedItems" + 
-            "        {" +
-            "          attributeType { description }," + 
-            "          allAttributeValues { description }," + 
-            "          maxValueCount { { type description, maxCount 1 } }" + 
-            "        } ," + 
-            "        grantsAndDenials { grantRemove, grantAdd }" + 
-            "      }" + 
-            "    }" + 
-            "  }" + 
-            "}" );
+        createAccessControlSubentry( "mvcACI", "{" + "  identificationTag \"mvcACI\"," + "  precedence 10,"
+            + "  authenticationLevel simple," + "  itemOrUserFirst userFirst:" + "  {"
+            + "    userClasses { allUsers }," + "    userPermissions" + "    {" + "      {"
+            + "        protectedItems { entry }," + "        grantsAndDenials { grantModify, grantBrowse }"
+            + "      }," + "      {" + "        protectedItems" + "        {"
+            + "          attributeType { description }," + "          allAttributeValues { description },"
+            + "          maxValueCount { { type description, maxCount 1 } }" + "        } ,"
+            + "        grantsAndDenials { grantRemove, grantAdd }" + "      }" + "    }" + "  }" + "}" );
 
         Modification[] mods = toItems( ModificationOperation.ADD_ATTRIBUTE, new DefaultEntryAttribute( "description",
             "description 1" ) );
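Review bot: The reformatted `createAccessControlSubentry( "mvcACI", ... )` call at the top of testMaxValueCountProtectedItem packs the ACIItem into run-on concatenations, so the nesting of the two `userPermissions` entries is no longer visible in the source. The concatenated string looks identical to the old one, so this is layout only. Still, an access-control fixture is easier to audit with one clause per line, and the same applies to the `modifyACI` calls reformatted just above this hunk. I would keep the one-fragment-per-line layout and exclude these calls from the formatter, or at least add a summary comment above the call such as `// entry: grantModify, grantBrowse; description attr: grantAdd, grantRemove, maxValueCount 1`. The method body continues past the end of the hunk.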


