directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kayyag...@apache.org
Subject svn commit: r987611 [4/13] - in /directory/apacheds/trunk: ./ all/ core-annotations/ core-api/ core-api/src/main/java/org/apache/directory/server/core/ core-api/src/main/java/org/apache/directory/server/core/event/ core-api/src/main/java/org/apache/dir...
Date Fri, 20 Aug 2010 19:32:02 GMT
Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationIT.java?rev=987611&r1=987610&r2=987611&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/MoveRenameAuthorizationIT.java Fri Aug 20 19:31:58 2010
@@ -19,6 +19,7 @@
  */
 package org.apache.directory.server.core.authz;
 
+
 import static org.apache.directory.server.core.authz.AutzIntegUtils.addUserToGroup;
 import static org.apache.directory.server.core.authz.AutzIntegUtils.createAccessControlSubentry;
 import static org.apache.directory.server.core.authz.AutzIntegUtils.createUser;
@@ -31,13 +32,13 @@ import static org.junit.Assert.assertFal
 import static org.junit.Assert.assertTrue;
 
 import org.apache.directory.ldap.client.api.LdapConnection;
-import org.apache.directory.ldap.client.api.message.ModifyDnResponse;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
 import org.apache.directory.server.core.integ.IntegrationUtils;
 import org.apache.directory.shared.ldap.constants.SchemaConstants;
 import org.apache.directory.shared.ldap.entry.DefaultEntry;
 import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.message.ModifyDnResponse;
 import org.apache.directory.shared.ldap.message.ResultCodeEnum;
 import org.apache.directory.shared.ldap.name.DN;
 import org.junit.After;
@@ -51,44 +52,45 @@ import org.junit.runner.RunWith;
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
-@RunWith ( FrameworkRunner.class )
+@RunWith(FrameworkRunner.class)
 public class MoveRenameAuthorizationIT extends AbstractLdapTestUnit
 {
 
     @Before
     public void setService()
     {
-       AutzIntegUtils.service = service;
-       service.setAccessControlEnabled( true );
+        AutzIntegUtils.service = service;
+        service.setAccessControlEnabled( true );
     }
-    
+
+
     @After
     public void closeConnections()
     {
         IntegrationUtils.closeConnections();
     }
-    
-    
+
+
     public boolean checkCanRenameAs( String uid, String password, String entryRdn, String newNameRdn ) throws Exception
     {
         DN entryDN = new DN( entryRdn + ",ou=system" );
         boolean result;
-        
+
         Entry testEntry = new DefaultEntry( entryDN );
         testEntry.add( SchemaConstants.OBJECT_CLASS_AT, "organizationalUnit" );
         testEntry.add( SchemaConstants.OU_AT, "testou" );
-        
+
         LdapConnection adminConnection = getAdminConnection();
 
         // create the new entry as the admin user
         adminConnection.add( testEntry );
-        
+
         DN userName = new DN( "uid=" + uid + ",ou=users,ou=system" );
-        
+
         LdapConnection userConnection = getConnectionAs( userName, password );
         ModifyDnResponse resp = userConnection.rename( entryDN.getName(), newNameRdn );
-        
-        if( resp.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS )
+
+        if ( resp.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS )
         {
             userConnection.delete( newNameRdn + ",ou=system" );
             result = true;
@@ -98,11 +100,11 @@ public class MoveRenameAuthorizationIT e
             adminConnection.delete( entryDN );
             result = false;
         }
-        
+
         return result;
     }
-    
-    
+
+
     /**
      * Checks if a simple entry (organizationalUnit) can be renamed at an RDN relative
      * to ou=system by a specific non-admin user.  If a permission exception
@@ -119,28 +121,28 @@ public class MoveRenameAuthorizationIT e
      * @return true if the entry can be renamed by the user at the specified location, false otherwise
      * @throws Exception if there are problems conducting the test
      */
-    public boolean checkCanMoveAndRenameAs( String uid, String password, String entryRdn, String newNameRdn, String newParentRdn )
-        throws Exception
+    public boolean checkCanMoveAndRenameAs( String uid, String password, String entryRdn, String newNameRdn,
+        String newParentRdn ) throws Exception
     {
         DN entryDN = new DN( entryRdn + ",ou=system" );
         boolean result;
-        
+
         Entry testEntry = new DefaultEntry( entryDN );
         testEntry.add( SchemaConstants.OBJECT_CLASS_AT, "organizationalUnit" );
         testEntry.add( SchemaConstants.OU_AT, "testou" );
-        
+
         LdapConnection adminConnection = getAdminConnection();
 
         // create the new entry as the admin user
         adminConnection.add( testEntry );
-        
+
         DN userName = new DN( "uid=" + uid + ",ou=users,ou=system" );
-        
+
         LdapConnection userConnection = getConnectionAs( userName, password );
 
         boolean isMoved = false;
         ModifyDnResponse moveResp = userConnection.move( entryDN.getName(), newParentRdn + ",ou=system" );
-        
+
         if ( moveResp.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS )
         {
             isMoved = true;
@@ -150,11 +152,12 @@ public class MoveRenameAuthorizationIT e
             adminConnection.delete( entryDN );
             return false;
         }
-        
-        ModifyDnResponse resp = userConnection.rename( entryRdn + "," + newParentRdn + ",ou=system", newNameRdn );
-        
+
+        ModifyDnResponse resp = userConnection
+            .rename( entryRdn + "," + newParentRdn + ",ou=system", newNameRdn );
+
         ResultCodeEnum code = resp.getLdapResult().getResultCode();
-        
+
         if ( ( code == ResultCodeEnum.SUCCESS ) || ( code == ResultCodeEnum.ENTRY_ALREADY_EXISTS ) )
         {
             userConnection.delete( newNameRdn + "," + newParentRdn + ",ou=system" );
@@ -162,15 +165,15 @@ public class MoveRenameAuthorizationIT e
         }
         else
         {
-            if( isMoved )
+            if ( isMoved )
             {
                 entryDN = entryDN.add( 1, newParentRdn );
                 adminConnection.delete( entryDN );
             }
-            
+
             result = false;
         }
-        
+
         // delete the renamed context as the admin user
         return result;
     }
@@ -196,27 +199,11 @@ public class MoveRenameAuthorizationIT e
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
 
         // Gives grantRename perm to all users in the Administrators group for entries
-        createAccessControlSubentry( 
-            "grantRenameByAdmin", 
-            "{ " + 
-            "  identificationTag \"addAci\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses " +
-            "    { " +
-            "      userGroup { \"cn=Administrators,ou=groups,ou=system\" } " +
-            "    }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry}, " + 
-            "        grantsAndDenials { grantRename, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "grantRenameByAdmin", "{ " + "  identificationTag \"addAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses " + "    { " + "      userGroup { \"cn=Administrators,ou=groups,ou=system\" } "
+            + "    }, " + "    userPermissions " + "    { " + "      { " + "        protectedItems {entry}, "
+            + "        grantsAndDenials { grantRename, grantBrowse } " + "      } " + "    } " + "  } " + "}" );
 
         // see if we can now rename that test entry which we could not before
         // rename op should still fail since billyd is not in the admin group
@@ -245,27 +232,12 @@ public class MoveRenameAuthorizationIT e
 
         // Gives grantRename, grantImport, grantExport perm to all users in the Administrators
         // group for entries - browse is needed just to read navigate the tree at root
-        createAccessControlSubentry( 
-            "grantRenameMoveByAdmin", 
-            "{ " + 
-            "  identificationTag \"addAci\", " +
-            "  precedence 14, " + 
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses " +
-            "    { " +
-            "      userGroup { \"cn=Administrators,ou=groups,ou=system\" } " +
-            "    }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry}, " +
-            "        grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "grantRenameMoveByAdmin", "{ " + "  identificationTag \"addAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses " + "    { " + "      userGroup { \"cn=Administrators,ou=groups,ou=system\" } "
+            + "    }, " + "    userPermissions " + "    { " + "      { " + "        protectedItems {entry}, "
+            + "        grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " + "      } "
+            + "    } " + "  } " + "}" );
 
         // see if we can move and rename the test entry which we could not before
         // op should still fail since billyd is not in the admin group
@@ -293,27 +265,12 @@ public class MoveRenameAuthorizationIT e
         assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=testou", "ou=groups" ) );
 
         // Gives grantImport, and grantExport perm to all users in the Administrators group for entries
-        createAccessControlSubentry( 
-            "grantMoveByAdmin", 
-            "{ " + 
-            "  identificationTag \"addAci\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses " +
-            "    { " +
-            "      userGroup { \"cn=Administrators,ou=groups,ou=system\" } " +
-            "    }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry}, " + 
-            "        grantsAndDenials { grantExport, grantImport, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "grantMoveByAdmin", "{ " + "  identificationTag \"addAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses " + "    { " + "      userGroup { \"cn=Administrators,ou=groups,ou=system\" } "
+            + "    }, " + "    userPermissions " + "    { " + "      { " + "        protectedItems {entry}, "
+            + "        grantsAndDenials { grantExport, grantImport, grantBrowse } " + "      } " + "    } " + "  } "
+            + "}" );
 
         // see if we can now move that test entry which we could not before
         // op should still fail since billyd is not in the admin group
@@ -352,24 +309,11 @@ public class MoveRenameAuthorizationIT e
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
 
         // Gives grantRename perm specifically to the billyd user
-        createAccessControlSubentry( 
-            "grantRenameByName", 
-            "{ " + 
-            "  identificationTag \"addAci\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry}, " + 
-            "        grantsAndDenials { grantRename, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "grantRenameByName", "{ " + "  identificationTag \"addAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "    userPermissions " + "    { "
+            + "      { " + "        protectedItems {entry}, "
+            + "        grantsAndDenials { grantRename, grantBrowse } " + "      } " + "    } " + "  } " + "}" );
 
         // try a rename operation which should succeed with ACI
         assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
@@ -389,24 +333,12 @@ public class MoveRenameAuthorizationIT e
         assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou,ou=users", "ou=newname", "ou=groups" ) );
 
         // Gives grantRename, grantImport, grantExport perm to billyd user on entries
-        createAccessControlSubentry( 
-            "grantRenameMoveByName", 
-            "{ " + 
-            "  identificationTag \"addAci\", " +
-            "  precedence 14, " + 
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry}, " +
-            "        grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "grantRenameMoveByName", "{ " + "  identificationTag \"addAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "    userPermissions " + "    { "
+            + "      { " + "        protectedItems {entry}, "
+            + "        grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " + "      } "
+            + "    } " + "  } " + "}" );
 
         // try move w/ rdn change which should succeed with ACI
         assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=newname", "ou=groups" ) );
@@ -426,24 +358,12 @@ public class MoveRenameAuthorizationIT e
         assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=testou", "ou=groups" ) );
 
         // Gives grantImport, and grantExport perm to billyd user for entries
-        createAccessControlSubentry( 
-            "grantMoveByName", 
-            "{ " + 
-            "  identificationTag \"addAci\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry}, " + 
-            "        grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "grantMoveByName", "{ " + "  identificationTag \"addAci\", " + "  precedence 14, "
+            + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "    userPermissions " + "    { "
+            + "      { " + "        protectedItems {entry}, "
+            + "        grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " + "      } "
+            + "    } " + "  } " + "}" );
 
         // try move operation which should succeed with ACI
         assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=testou", "ou=groups" ) );
@@ -474,27 +394,11 @@ public class MoveRenameAuthorizationIT e
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
 
         // Gives grantRename perm for entries to those users selected by the subtree
-        createAccessControlSubentry( 
-            "grantRenameByTree", 
-            "{ " + 
-            "  identificationTag \"addAci\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses " +
-            "    { " +
-            "      subtree { { base \"ou=users,ou=system\" } } " +
-            "    }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry}, " + 
-            "        grantsAndDenials { grantRename, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "grantRenameByTree", "{ " + "  identificationTag \"addAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses " + "    { " + "      subtree { { base \"ou=users,ou=system\" } } " + "    }, "
+            + "    userPermissions " + "    { " + "      { " + "        protectedItems {entry}, "
+            + "        grantsAndDenials { grantRename, grantBrowse } " + "      } " + "    } " + "  } " + "}" );
 
         // try a rename operation which should succeed with ACI
         assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
@@ -514,26 +418,12 @@ public class MoveRenameAuthorizationIT e
         assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=newname", "ou=groups" ) );
 
         // Gives grantRename, grantImport, grantExport for entries to users selected by subtree
-        createAccessControlSubentry( 
-            "grantRenameMoveByTree", 
-            "{ " + 
-            "  identificationTag \"addAci\", " +
-            "  precedence 14, " + 
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: { " +
-            "    userClasses " +
-            "    { " +
-            "      subtree { { base \"ou=users,ou=system\" } } " +
-            "    }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry}, " +
-            "        grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "grantRenameMoveByTree", "{ " + "  identificationTag \"addAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: { "
+            + "    userClasses " + "    { " + "      subtree { { base \"ou=users,ou=system\" } } " + "    }, "
+            + "    userPermissions " + "    { " + "      { " + "        protectedItems {entry}, "
+            + "        grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " + "      } "
+            + "    } " + "  } " + "}" );
 
         // try move w/ rdn change which should succeed with ACI
         assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=newname", "ou=groups" ) );
@@ -553,27 +443,12 @@ public class MoveRenameAuthorizationIT e
         assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=testou", "ou=groups" ) );
 
         // Gives grantImport, and grantExport perm for entries to subtree selected users
-        createAccessControlSubentry( 
-            "grantMoveByTree", 
-            "{ " + 
-            "  identificationTag \"addAci\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses " +
-            "    { " +
-            "      subtree { { base \"ou=users,ou=system\" } } " +
-            "    }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry}, " + 
-            "        grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "grantMoveByTree", "{ " + "  identificationTag \"addAci\", " + "  precedence 14, "
+            + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { " + "    userClasses " + "    { "
+            + "      subtree { { base \"ou=users,ou=system\" } } " + "    }, " + "    userPermissions " + "    { "
+            + "      { " + "        protectedItems {entry}, "
+            + "        grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " + "      } "
+            + "    } " + "  } " + "}" );
 
         // try move operation which should succeed with ACI
         assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=testou", "ou=groups" ) );
@@ -604,24 +479,11 @@ public class MoveRenameAuthorizationIT e
         assertFalse( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
 
         // Gives grantRename perm for entries to any user
-        createAccessControlSubentry( 
-            "grantRenameByAny", 
-            "{ " + 
-            "  identificationTag \"addAci\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " + 
-            "    userClasses { allUsers }, " +
-            "    userPermissions " +
-            "    { " +
-            "      { " + 
-            "        protectedItems {entry}, " +
-            "        grantsAndDenials { grantRename, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "grantRenameByAny", "{ " + "  identificationTag \"addAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "      { "
+            + "        protectedItems {entry}, " + "        grantsAndDenials { grantRename, grantBrowse } "
+            + "      } " + "    } " + "  } " + "}" );
 
         // try a rename operation which should succeed with ACI
         assertTrue( checkCanRenameAs( "billyd", "billyd", "ou=testou", "ou=newname" ) );
@@ -641,24 +503,12 @@ public class MoveRenameAuthorizationIT e
         assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=newname", "ou=groups" ) );
 
         // Gives grantRename, grantImport, grantExport for entries to any user
-        createAccessControlSubentry( 
-            "grantRenameMoveByAny", 
-            "{ " + 
-            "  identificationTag \"addAci\", " +
-            "  precedence 14, " + 
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { allUsers }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " + 
-            "        protectedItems {entry}, " +
-            "        grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "grantRenameMoveByAny", "{ " + "  identificationTag \"addAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "      { "
+            + "        protectedItems {entry}, "
+            + "        grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " + "      } "
+            + "    } " + "  } " + "}" );
 
         // try move w/ rdn change which should succeed with ACI
         assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=newname", "ou=groups" ) );
@@ -678,24 +528,12 @@ public class MoveRenameAuthorizationIT e
         assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=testou", "ou=groups" ) );
 
         // Gives grantImport, and grantExport perm for entries to any user
-        createAccessControlSubentry( 
-            "grantMoveByAny", 
-            "{ " + 
-            "  identificationTag \"addAci\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " + 
-            "    userClasses { allUsers }, " +
-            "    userPermissions " +
-            "    { " +
-            "      { " + 
-            "        protectedItems {entry}, " +
-            "        grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "grantMoveByAny", "{ " + "  identificationTag \"addAci\", " + "  precedence 14, "
+            + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "      { "
+            + "        protectedItems {entry}, "
+            + "        grantsAndDenials { grantExport, grantImport, grantRename, grantBrowse } " + "      } "
+            + "    } " + "  } " + "}" );
 
         // try move operation which should succeed with ACI
         assertTrue( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=testou", "ou=groups" ) );
@@ -704,8 +542,8 @@ public class MoveRenameAuthorizationIT e
         deleteAccessControlSubentry( "grantMoveByAny" );
         deleteUser( "billyd" );
     }
-    
-    
+
+
     /**
      * Checks to make sure Export and Import permissions work correctly
      * when they are defined on seperate contexts.
@@ -725,73 +563,33 @@ public class MoveRenameAuthorizationIT e
         // try an move w/ rdn change which should fail without any ACI
         assertFalse( checkCanMoveAndRenameAs( "billyd", "billyd", "ou=testou", "ou=newname", "ou=groups" ) );
 
-        
         // Gives grantBrowse perm to all users in the Administrators
         // group for entries
         // It's is needed just to read navigate the tree at root
-        createAccessControlSubentry(
-            "grantBrowseForTheWholeNamingContext",
-            "{ }",
-            "{ " + 
-            "  identificationTag \"browseACI\", " +
-            "  precedence 14, " + 
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems { entry }, " +
-            "        grantsAndDenials { grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
-        
+        createAccessControlSubentry( "grantBrowseForTheWholeNamingContext", "{ }", "{ "
+            + "  identificationTag \"browseACI\", " + "  precedence 14, " + "  authenticationLevel none, "
+            + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "    userPermissions "
+            + "    { " + "      { " + "        protectedItems { entry }, "
+            + "        grantsAndDenials { grantBrowse } " + "      } " + "    } " + "  } " + "}" );
+
         // Gives grantExport, grantRename perm to all users in the Administrators
         // group for entries
-        createAccessControlSubentry(
-            "grantExportFromASubtree",
-            "{ base \"ou=users\" }", 
-            "{ " + 
-            "  identificationTag \"exportACI\", " +
-            "  precedence 14, " + 
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems { entry }, " +
-            "        grantsAndDenials { grantExport, grantRename } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
-        
+        createAccessControlSubentry( "grantExportFromASubtree", "{ base \"ou=users\" }", "{ "
+            + "  identificationTag \"exportACI\", " + "  precedence 14, " + "  authenticationLevel none, "
+            + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "    userPermissions "
+            + "    { " + "      { " + "        protectedItems { entry }, "
+            + "        grantsAndDenials { grantExport, grantRename } " + "      } " + "    } " + "  } " + "}" );
+
         // Gives grantImport perm to all users in the Administrators
         // group for the target context
-        createAccessControlSubentry(
-            "grantImportToASubtree",
-            "{ base \"ou=groups\" }", 
-            "{ " + 
-            "  identificationTag \"importACI\", " +
-            "  precedence 14, " + 
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems { entry }, " +
-            "        grantsAndDenials { grantImport } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "grantImportToASubtree", "{ base \"ou=groups\" }", "{ "
+            + "  identificationTag \"importACI\", " + "  precedence 14, " + "  authenticationLevel none, "
+            + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" } }, " + "    userPermissions "
+            + "    { " + "      { " + "        protectedItems { entry }, "
+            + "        grantsAndDenials { grantImport } " + "      } " + "    } " + "  } " + "}" );
 
         // see if we can move and rename the test entry which we could not before
         // op should still fail since billyd is not in the admin group

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java?rev=987611&r1=987610&r2=987611&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java Fri Aug 20 19:31:58 2010
@@ -39,8 +39,6 @@ import java.util.HashMap;
 import java.util.Map;
 
 import org.apache.directory.ldap.client.api.LdapConnection;
-import org.apache.directory.ldap.client.api.message.SearchResponse;
-import org.apache.directory.ldap.client.api.message.SearchResultEntry;
 import org.apache.directory.server.core.annotations.CreateDS;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
@@ -50,6 +48,8 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.entry.DefaultEntry;
 import org.apache.directory.shared.ldap.entry.Entry;
 import org.apache.directory.shared.ldap.filter.SearchScope;
+import org.apache.directory.shared.ldap.message.Response;
+import org.apache.directory.shared.ldap.message.SearchResultEntry;
 import org.apache.directory.shared.ldap.name.DN;
 import org.junit.After;
 import org.junit.Before;
@@ -65,13 +65,14 @@ import org.junit.runner.RunWith;
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
 @RunWith(FrameworkRunner.class)
-@CreateDS( enableAccessControl=true )
+@CreateDS(enableAccessControl = true)
 public class SearchAuthorizationIT extends AbstractLdapTestUnit
 {
 
     // to avoid creating too many connections during recursive operations
     private LdapConnection reusableAdminCon;
-    
+
+
     @Before
     public void setService() throws Exception
     {
@@ -79,13 +80,13 @@ public class SearchAuthorizationIT exten
         reusableAdminCon = getAdminConnection();
     }
 
+
     @After
     public void closeConnections()
     {
         IntegrationUtils.closeConnections();
     }
-    
-    
+
     /**
      * The search results of tests are added to this map via put (<String, Entry>)
      * the map is also cleared before each search test.  This allows further inspections
@@ -104,11 +105,11 @@ public class SearchAuthorizationIT exten
     private Entry[] getTestNodes( final int count )
     {
         Entry[] entries = new DefaultEntry[count];
-        
+
         for ( int i = 0; i < count; i++ )
         {
             Entry entry = new DefaultEntry();
-            
+
             try
             {
                 entry.add( "objectClass", "organizationalUnit" );
@@ -119,7 +120,7 @@ public class SearchAuthorizationIT exten
             {
                 e.printStackTrace();
             }
-            
+
             entries[i] = entry;
         }
 
@@ -190,7 +191,8 @@ public class SearchAuthorizationIT exten
      */
     private void recursivelyDelete( DN rdn ) throws Exception
     {
-        Cursor<SearchResponse> results = reusableAdminCon.search( rdn.getName(), "(objectClass=*)", SearchScope.ONELEVEL, "*" );
+        Cursor<Response> results = reusableAdminCon.search( rdn.getName(), "(objectClass=*)",
+            SearchScope.ONELEVEL, "*" );
 
         while ( results.next() )
         {
@@ -275,7 +277,7 @@ public class SearchAuthorizationIT exten
         DN userDn = new DN( "uid=" + uid + ",ou=users,ou=system" );
         results.clear();
         LdapConnection userCtx = getConnectionAs( userDn, password );
-        Cursor<SearchResponse> cursor = userCtx.search( base.getName(), filter, scope, "*" );
+        Cursor<Response> cursor = userCtx.search( base.getName(), filter, scope, "*" );
         int counter = 0;
 
         while ( cursor.next() )
@@ -315,7 +317,7 @@ public class SearchAuthorizationIT exten
 
         results.clear();
         LdapConnection userCtx = getConnectionAs( userDn, password );
-        Cursor<SearchResponse> cursor = userCtx.search( base.getName(), "(objectClass=*)", scope, "*" );
+        Cursor<Response> cursor = userCtx.search( base.getName(), "(objectClass=*)", scope, "*" );
         int counter = 0;
 
         while ( cursor.next() )
@@ -344,8 +346,8 @@ public class SearchAuthorizationIT exten
         LdapConnection connection = getAdminConnection();
         DN base = addSearchData( new DN( "ou=system" ), 3, 10 );
 
-        Cursor<SearchResponse> results = connection
-            .search( base.getName(), "(objectClass=*)", SearchScope.SUBTREE, "+" );
+        Cursor<Response> results = connection.search( base.getName(), "(objectClass=*)", SearchScope.SUBTREE,
+            "+" );
         int counter = 0;
 
         while ( results.next() )
@@ -382,27 +384,12 @@ public class SearchAuthorizationIT exten
 
         // Gives search perms to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( 
-            "searchAdmin", 
-            "{ " + 
-            "  identificationTag \"searchAci\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses " +
-            "    { " +
-            "      userGroup { \"cn=Administrators,ou=groups,ou=system\" } " +
-            "    }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "searchAdmin", "{ " + "  identificationTag \"searchAci\", " + "  precedence 14, "
+            + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { " + "    userClasses " + "    { "
+            + "      userGroup { \"cn=Administrators,ou=groups,ou=system\" } " + "    }, " + "    userPermissions "
+            + "    { " + "      { " + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + "      } " + "    } " + "  } "
+            + "}" );
 
         // see if we can now search that test entry which we could not before
         // add or should still fail since billd is not in the admin group
@@ -431,27 +418,12 @@ public class SearchAuthorizationIT exten
         assertFalse( checkCanSearchAs( "billyd", "billyd" ) );
 
         // now add a subentry that enables user billyd to search an entry below ou=system
-        createAccessControlSubentry( 
-            "billydSearch", 
-            "{ " + 
-            "  identificationTag \"searchAci\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses " +
-            "    { " +
-            "      name { \"uid=billyd,ou=users,ou=system\" } " +
-            "    }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
-            "      } " +
-            "    }" +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "billydSearch", "{ " + "  identificationTag \"searchAci\", " + "  precedence 14, "
+            + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { " + "    userClasses " + "    { "
+            + "      name { \"uid=billyd,ou=users,ou=system\" } " + "    }, " + "    userPermissions " + "    { "
+            + "      { " + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + "      } " + "    }" + "  } "
+            + "}" );
 
         // should work now that billyd is authorized by name
         assertTrue( checkCanSearchAs( "billyd", "billyd" ) );
@@ -474,27 +446,12 @@ public class SearchAuthorizationIT exten
         assertFalse( checkCanSearchAs( "BillyD", "billyd" ) );
 
         // now add a subentry that enables user billyd to search an entry below ou=system
-        createAccessControlSubentry( 
-            "billydSearch", 
-            "{ " + 
-            "  identificationTag \"searchAci\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses " +
-            "    { " +
-            "      name { \"uid=billyd,ou=users,ou=system\" } " +
-            "    }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "billydSearch", "{ " + "  identificationTag \"searchAci\", " + "  precedence 14, "
+            + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { " + "    userClasses " + "    { "
+            + "      name { \"uid=billyd,ou=users,ou=system\" } " + "    }, " + "    userPermissions " + "    { "
+            + "      { " + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + "      } " + "    } " + "  } "
+            + "}" );
 
         // should work now that billyd is authorized by name
         assertTrue( checkCanSearchAs( "BillyD", "billyd" ) );
@@ -516,30 +473,13 @@ public class SearchAuthorizationIT exten
         assertFalse( checkCanSearchAs( "billyd", "billyd" ) );
 
         // now add a subentry that enables user billyd to search an entry below ou=system
-        createAccessControlSubentry( 
-            "billySearchBySubtree", 
-            "{ " + 
-            "  identificationTag \"searchAci\", " +
-            "  precedence 14, " + 
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses " +
-            "    { " +
-            "      subtree " +
-            "      { " +
-            "        { base \"ou=users,ou=system\" } " +
-            "      } " +
-            "    }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials {  grantRead, grantReturnDN, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "billySearchBySubtree", "{ " + "  identificationTag \"searchAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses " + "    { " + "      subtree " + "      { "
+            + "        { base \"ou=users,ou=system\" } " + "      } " + "    }, " + "    userPermissions " + "    { "
+            + "      { " + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials {  grantRead, grantReturnDN, grantBrowse } " + "      } " + "    } " + "  } "
+            + "}" );
 
         // should work now that billyd is authorized by the subtree userClass
         assertTrue( checkCanSearchAs( "billyd", "billyd" ) );
@@ -561,24 +501,12 @@ public class SearchAuthorizationIT exten
         assertFalse( checkCanSearchAs( "billyd", "billyd" ) );
 
         // now add a subentry that enables anyone to search an entry below ou=system
-        createAccessControlSubentry( 
-            "anybodySearch", 
-            "{ " + 
-            "  identificationTag \"searchAci\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " + 
-            "    userClasses { allUsers }, " +
-            "    userPermissions " +
-            "    { " +
-            "      { " + 
-            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "anybodySearch", "{ " + "  identificationTag \"searchAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "      { "
+            + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + "      } " + "    } " + "  } "
+            + "}" );
 
         // see if we can now search that tree which we could not before
         // should work now with billyd now that all users are authorized
@@ -607,25 +535,12 @@ public class SearchAuthorizationIT exten
 
         // now add a subentry that enables anyone to search an entry below ou=system
         // down two more rdns for DNs of a max size of 3
-        createAccessControlSubentry( 
-            "anybodySearch", 
-            "{ maximum 2 }", 
-            "{ " + 
-            "  identificationTag \"searchAci\", " +
-            "  precedence 14, " + 
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { allUsers }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "anybodySearch", "{ maximum 2 }", "{ " + "  identificationTag \"searchAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "      { "
+            + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + "      } " + "    } " + "  } "
+            + "}" );
 
         // see if we can now search that test entry which we could not before
         // should work now with billyd now that all users are authorized
@@ -651,25 +566,12 @@ public class SearchAuthorizationIT exten
         // now add a subentry that enables anyone to search an entry below ou=system
         // down two more rdns for DNs of a max size of 3.  It only grants access to
         // the ou and objectClass attributes however.
-        createAccessControlSubentry( 
-            "excludeTelephoneNumber", 
-            "{ maximum 2 }", 
-            "{ " +
-            "  identificationTag \"searchAci\", " + 
-            "  precedence 14, " + 
-            "  authenticationLevel none, " +
-            "  itemOrUserFirst userFirst: " +
-            "  { " + 
-            "    userClasses { allUsers }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry, allAttributeValues { ou, objectClass } }, " +
-            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "excludeTelephoneNumber", "{ maximum 2 }", "{ "
+            + "  identificationTag \"searchAci\", " + "  precedence 14, " + "  authenticationLevel none, "
+            + "  itemOrUserFirst userFirst: " + "  { " + "    userClasses { allUsers }, " + "    userPermissions "
+            + "    { " + "      { " + "        protectedItems {entry, allAttributeValues { ou, objectClass } }, "
+            + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + "      } " + "    } " + "  } "
+            + "}" );
 
         // see if we can now search and find 4 entries
         assertTrue( checkCanSearchAs( "billyd", "billyd", SearchScope.SUBTREE, 4 ) );
@@ -686,25 +588,12 @@ public class SearchAuthorizationIT exten
         // now add a subentry that enables anyone to search an entry below ou=system
         // down two more rdns for DNs of a max size of 3.  This time we should be able
         // to see the telephoneNumber attribute
-        createAccessControlSubentry( 
-            "includeAllAttributeTypesAndValues", 
-            "{ maximum 2 }", 
-            "{ " +
-            "  identificationTag \"searchAci\", " + 
-            "  precedence 14, " + 
-            "  authenticationLevel none, " +
-            "  itemOrUserFirst userFirst: " +
-            "  { " + 
-            "    userClasses { allUsers }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry, allUserAttributeTypesAndValues }, " +
-            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
-            "      } " +
-            "    }" +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "includeAllAttributeTypesAndValues", "{ maximum 2 }", "{ "
+            + "  identificationTag \"searchAci\", " + "  precedence 14, " + "  authenticationLevel none, "
+            + "  itemOrUserFirst userFirst: " + "  { " + "    userClasses { allUsers }, " + "    userPermissions "
+            + "    { " + "      { " + "        protectedItems {entry, allUserAttributeTypesAndValues }, "
+            + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + "      } " + "    }" + "  } "
+            + "}" );
 
         // again we should find four entries
         assertTrue( checkCanSearchAs( "billyd", "billyd", SearchScope.SUBTREE, 4 ) );
@@ -736,31 +625,13 @@ public class SearchAuthorizationIT exten
         // now add a subentry that enables anyone to search an entry below ou=system
         // down two more rdns for DNs of a max size of 3.  It only grants access to
         // the ou and objectClass attributes however.
-        createAccessControlSubentry(
-            "excludeOUValue",
-            "{ maximum 2 }",
-            "{ " +
-            "  identificationTag \"searchAci\", " +
-            "  precedence 14, " +
-            "  authenticationLevel none, " +
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { allUsers }, " +
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems " +
-            "        {" +
-            "          entry, " +
-            "          attributeType { ou }, " +
-            "          allAttributeValues { objectClass }, " +
-            "          attributeValue { ou=0, ou=1, ou=2 } " +
-            "        }, " +
-            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "excludeOUValue", "{ maximum 2 }", "{ " + "  identificationTag \"searchAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "      { "
+            + "        protectedItems " + "        {" + "          entry, " + "          attributeType { ou }, "
+            + "          allAttributeValues { objectClass }, " + "          attributeValue { ou=0, ou=1, ou=2 } "
+            + "        }, " + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + "      } "
+            + "    } " + "  } " + "}" );
 
         // see if we can now search and find 4 entries
         assertTrue( checkCanSearchAs( "billyd", "billyd", 3 ) );
@@ -777,25 +648,12 @@ public class SearchAuthorizationIT exten
         // now add a subentry that enables anyone to search an entry below ou=system
         // down two more rdns for DNs of a max size of 3.  This time we should be able
         // to see the telephoneNumber attribute
-        createAccessControlSubentry( 
-            "includeAllAttributeTypesAndValues", 
-            "{ maximum 2 }", 
-            "{ " +
-            "  identificationTag \"searchAci\", " + 
-            "  precedence 14, " + 
-            "  authenticationLevel none, " +
-            "  itemOrUserFirst userFirst: " +
-            "  { " + 
-            "    userClasses { allUsers }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry, allUserAttributeTypesAndValues }, " +
-            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  }" +
-            "}" );
+        createAccessControlSubentry( "includeAllAttributeTypesAndValues", "{ maximum 2 }", "{ "
+            + "  identificationTag \"searchAci\", " + "  precedence 14, " + "  authenticationLevel none, "
+            + "  itemOrUserFirst userFirst: " + "  { " + "    userClasses { allUsers }, " + "    userPermissions "
+            + "    { " + "      { " + "        protectedItems {entry, allUserAttributeTypesAndValues }, "
+            + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + "      } " + "    } " + "  }"
+            + "}" );
 
         // again we should find four entries
         assertTrue( checkCanSearchAs( "billyd", "billyd", 3 ) );
@@ -822,23 +680,10 @@ public class SearchAuthorizationIT exten
         createUser( "billyd", "billyd" );
 
         // now add an entryACI denies browse, read and returnDN to a specific entry
-        String aci = 
-            "{ " + 
-            "  identificationTag \"denyAci\", " + 
-            "  precedence 14, " + 
-            "  authenticationLevel none, " +
-            "  itemOrUserFirst userFirst: " +
-            "  { " + 
-            "    userClasses { allUsers }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials { denyRead, denyReturnDN, denyBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}";
+        String aci = "{ " + "  identificationTag \"denyAci\", " + "  precedence 14, " + "  authenticationLevel none, "
+            + "  itemOrUserFirst userFirst: " + "  { " + "    userClasses { allUsers }, " + "    userPermissions "
+            + "    { " + "      { " + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials { denyRead, denyReturnDN, denyBrowse } " + "      } " + "    } " + "  } " + "}";
 
         // try a search operation which should fail without any prescriptive ACI
         DN testsDn = new DN( "ou=system" );
@@ -846,24 +691,12 @@ public class SearchAuthorizationIT exten
         assertFalse( checkSearchAsWithEntryACI( "billyd", "billyd", SearchScope.SUBTREE, testsDn, aci, 9 ) );
 
         // now add a subentry that enables anyone to search below ou=system
-        createAccessControlSubentry( 
-            "anybodySearch", 
-            "{ " + 
-            "  identificationTag \"searchAci\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " + 
-            "    userClasses { allUsers }, " +
-            "    userPermissions " +
-            "    { " +
-            "      { " + 
-            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "anybodySearch", "{ " + "  identificationTag \"searchAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "      { "
+            + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + "      } " + "    } " + "  } "
+            + "}" );
 
         // see if we can now search the tree which we could not before
         // should work with billyd now that all users are authorized
@@ -892,23 +725,10 @@ public class SearchAuthorizationIT exten
         createUser( "billyd", "billyd" );
 
         // now add an entryACI denying browse, read and returnDN to a specific entry
-        String aci = 
-            "{ " + 
-            "  identificationTag \"denyAci\", " + 
-            "  precedence 14, " + 
-            "  authenticationLevel none, " +
-            "  itemOrUserFirst userFirst: " +
-            "  { " + 
-            "    userClasses { allUsers }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials { denyRead, denyReturnDN, denyBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}";
+        String aci = "{ " + "  identificationTag \"denyAci\", " + "  precedence 14, " + "  authenticationLevel none, "
+            + "  itemOrUserFirst userFirst: " + "  { " + "    userClasses { allUsers }, " + "    userPermissions "
+            + "    { " + "      { " + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials { denyRead, denyReturnDN, denyBrowse } " + "      } " + "    } " + "  } " + "}";
 
         // try a search operation which should fail without any prescriptive ACI
         DN testsDn = new DN( "ou=system" );
@@ -916,24 +736,12 @@ public class SearchAuthorizationIT exten
         assertFalse( checkSearchAsWithEntryACI( "billyd", "billyd", SearchScope.SUBTREE, testsDn, aci, 9 ) );
 
         // now add a subentry that enables anyone to search below ou=system
-        createAccessControlSubentry( 
-            "anybodySearch", 
-            "{ " + 
-            "  identificationTag \"searchAci\", " + 
-            "  precedence 15, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { allUsers }, " +
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "anybodySearch", "{ " + "  identificationTag \"searchAci\", "
+            + "  precedence 15, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "      { "
+            + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + "      } " + "    } " + "  } "
+            + "}" );
 
         // see if we can now search the tree which we could not before
         // should work with billyd now that all users are authorized
@@ -945,23 +753,10 @@ public class SearchAuthorizationIT exten
 
         // now add an entryACI denies browse, read and returnDN to a specific entry
         // but this time the precedence will be higher than that of the grant
-        aci = 
-            "{ " + 
-            "  identificationTag \"denyAci\", " + 
-            "  precedence 16, " + 
-            "  authenticationLevel none, " +
-            "  itemOrUserFirst userFirst: " +
-            "  { " + 
-            "    userClasses { allUsers }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials { denyRead, denyReturnDN, denyBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}";
+        aci = "{ " + "  identificationTag \"denyAci\", " + "  precedence 16, " + "  authenticationLevel none, "
+            + "  itemOrUserFirst userFirst: " + "  { " + "    userClasses { allUsers }, " + "    userPermissions "
+            + "    { " + "      { " + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials { denyRead, denyReturnDN, denyBrowse } " + "      } " + "    } " + "  } " + "}";
 
         // see if we can now search the tree which we could not before
         // should work with billyd now that all users are authorized
@@ -986,7 +781,7 @@ public class SearchAuthorizationIT exten
     {
         LdapConnection userCtx = getConnectionAs( new DN( "uid=" + uid + ",ou=users,ou=system" ), password );
         SearchResultEntry result = null;
-        Cursor<SearchResponse> list = null;
+        Cursor<Response> list = null;
 
         list = userCtx.search( dn.getName(), "(objectClass=*)", SearchScope.OBJECT, "*" );
         if ( list.next() )
@@ -1007,46 +802,22 @@ public class SearchAuthorizationIT exten
         createUser( "billyd", "billyd" );
 
         // now add a subentry that enables anyone to search below ou=system
-        createAccessControlSubentry( 
-            "anybodySearch", 
-            "{ " + 
-            "  identificationTag \"searchAci\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " + 
-            "    userClasses { allUsers }, " +
-            "    userPermissions " +
-            "    { " +
-            "      { " + 
-            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "anybodySearch", "{ " + "  identificationTag \"searchAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "      { "
+            + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + "      } " + "    } " + "  } "
+            + "}" );
 
         // check and see if we can access the subentry now
         assertNotNull( checkCanSearhSubentryAs( "billyd", "billyd", new DN( "cn=anybodySearch,ou=system" ) ) );
 
         // now add a denial to prevent all users except the admin from accessing the subentry
-        addSubentryACI( 
-            "{ " + 
-            "  identificationTag \"searchAci\", " + 
-            "  precedence 14, " + 
-            "  authenticationLevel none, " +
-            "  itemOrUserFirst userFirst: " +
-            "  { " + 
-            "    userClasses { allUsers }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials { denyRead, denyReturnDN, denyBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        addSubentryACI( "{ " + "  identificationTag \"searchAci\", " + "  precedence 14, "
+            + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "      { "
+            + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials { denyRead, denyReturnDN, denyBrowse } " + "      } " + "    } " + "  } " + "}" );
 
         // now we should not be able to access the subentry with a search
         assertNull( checkCanSearhSubentryAs( "billyd", "billyd", new DN( "cn=anybodySearch,ou=system" ) ) );
@@ -1061,33 +832,13 @@ public class SearchAuthorizationIT exten
 
         // now add a subentry that enables anyone to search/lookup and disclose on error
         // below ou=system, with the exclusion of ou=groups and everything below it
-        createAccessControlSubentry( 
-            "selectiveDiscloseOnError", 
-            "{ specificExclusions " +
-            "  { chopBefore:\"ou=groups\" } " +
-            "}",
-            "{ " + 
-            "  identificationTag \"searchAci\", " + 
-            "  precedence 14, " + 
-            "  authenticationLevel none, " +
-            "  itemOrUserFirst userFirst:" +
-            "  { " + 
-            "    userClasses { allUsers }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials " +
-            "        { " +
-            "          grantRead, " +
-            "          grantReturnDN, " +
-            "          grantBrowse, " +
-            "          grantDiscloseOnError " +
-            "        } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "selectiveDiscloseOnError", "{ specificExclusions "
+            + "  { chopBefore:\"ou=groups\" } " + "}", "{ " + "  identificationTag \"searchAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst:" + "  { "
+            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "      { "
+            + "        protectedItems {entry, allUserAttributeTypesAndValues}, " + "        grantsAndDenials "
+            + "        { " + "          grantRead, " + "          grantReturnDN, " + "          grantBrowse, "
+            + "          grantDiscloseOnError " + "        } " + "      } " + "    } " + "  } " + "}" );
 
         // get a context as the user and try a lookup of a non-existant entry under ou=groups,ou=system
         LdapConnection userCtx = getConnectionAs( "uid=billyd,ou=users,ou=system", "billyd" );
@@ -1098,30 +849,12 @@ public class SearchAuthorizationIT exten
 
         // now delete and replace subentry with one that does not excluse ou=groups,ou=system
         deleteAccessControlSubentry( "selectiveDiscloseOnError" );
-        createAccessControlSubentry( 
-            "selectiveDiscloseOnError", 
-            "{ " + 
-            "  identificationTag \"searchAci\", " +
-            "  precedence 14, " + 
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { allUsers }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials " +
-            "        { " +
-            "          grantRead, " +
-            "          grantReturnDN, " +
-            "          grantBrowse, " +
-            "          grantDiscloseOnError " +
-            "        } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "selectiveDiscloseOnError", "{ " + "  identificationTag \"searchAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "      { "
+            + "        protectedItems {entry, allUserAttributeTypesAndValues}, " + "        grantsAndDenials "
+            + "        { " + "          grantRead, " + "          grantReturnDN, " + "          grantBrowse, "
+            + "          grantDiscloseOnError " + "        } " + "      } " + "    } " + "  } " + "}" );
 
         // now try a lookup of a non-existant entry under ou=groups,ou=system again
         entry = ( SearchResultEntry ) userCtx.lookup( "cn=blah,ou=groups" );
@@ -1143,48 +876,24 @@ public class SearchAuthorizationIT exten
         getAdminConnection().add( phoneBook );
 
         // now add a subentry that enables anyone to search below their own entries
-        createAccessControlSubentry( 
-            "anybodySearchTheirSubordinates", 
-            "{ " + 
-            "  identificationTag \"searchAci\", " +
-            "  precedence 14, " + 
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " +
-            "    userClasses { allUsers }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "anybodySearchTheirSubordinates", "{ " + "  identificationTag \"searchAci\", "
+            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "      { "
+            + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + "      } " + "    } " + "  } "
+            + "}" );
 
         // check and see if we can access the subentry now
         assertNotNull( checkCanSearhSubentryAs( "billyd", "billyd", new DN(
             "ou=phoneBook,uid=billyd,ou=users,ou=system" ) ) );
 
         // now add a denial to prevent all users except the admin from accessing the subentry
-        addPrescriptiveACI( 
-            "anybodySearchTheirSubordinates", 
-            "{ " +
-            "  identificationTag \"anybodyDontSearchTheirSubordinates\", " + 
-            "  precedence 14, " +
-            "  authenticationLevel none, " + 
-            "  itemOrUserFirst userFirst: " +
-            "  { " + 
-            "    userClasses { parentOfEntry }, " +
-            "    userPermissions " +
-            "    { " +
-            "      { " + 
-            "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
-            "        grantsAndDenials { denyRead, denyReturnDN, denyBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        addPrescriptiveACI( "anybodySearchTheirSubordinates", "{ "
+            + "  identificationTag \"anybodyDontSearchTheirSubordinates\", " + "  precedence 14, "
+            + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { parentOfEntry }, " + "    userPermissions " + "    { " + "      { "
+            + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
+            + "        grantsAndDenials { denyRead, denyReturnDN, denyBrowse } " + "      } " + "    } " + "  } " + "}" );
 
         // now we should not be able to access the subentry with a search
         assertNull( checkCanSearhSubentryAs( "billyd", "billyd", new DN( "ou=phoneBook,uid=billyd,ou=users,ou=system" ) ) );
@@ -1207,28 +916,14 @@ public class SearchAuthorizationIT exten
         assertFalse( checkCanSearchAs( "billyd", "billyd" ) );
 
         // now add a subentry that allows a user to read the CN only
-        createAccessControlSubentry( 
-            "rangeOfValues", 
-            "{ " +
-            "  identificationTag \"rangeOfValuesAci\", " + 
-            "  precedence 14," +
-            "  authenticationLevel none, " +
-            "  itemOrUserFirst userFirst: " +
-            "  { " + 
-            "    userClasses { allUsers }, " + 
-            "    userPermissions " +
-            "    { " +
-            "      { " +
-            "        protectedItems { entry }, " +
-            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
-            "      }, " +
-            "      { " +
-            "        protectedItems { rangeOfValues (cn=billyd) }, " +
-            "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " +
-            "      } " +
-            "    } " +
-            "  } " +
-            "}" );
+        createAccessControlSubentry( "rangeOfValues", "{ " + "  identificationTag \"rangeOfValuesAci\", "
+            + "  precedence 14," + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
+            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "      { "
+            + "        protectedItems { entry }, "
+            + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + "      }, " + "      { "
+            + "        protectedItems { rangeOfValues (cn=billyd) }, "
+            + "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } " + "      } " + "    } " + "  } "
+            + "}" );
 
         // see if we can now search and find 4 entries
         assertTrue( checkCanSearchAs( "billyd", "billyd" ) );

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/changelog/DefaultChangeLogIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/changelog/DefaultChangeLogIT.java?rev=987611&r1=987610&r2=987611&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/changelog/DefaultChangeLogIT.java (original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/changelog/DefaultChangeLogIT.java Fri Aug 20 19:31:58 2010
@@ -28,8 +28,6 @@ import static org.junit.Assert.assertTru
 import java.util.Arrays;
 
 import org.apache.directory.ldap.client.api.LdapConnection;
-import org.apache.directory.ldap.client.api.message.ModifyRequest;
-import org.apache.directory.ldap.client.api.message.SearchResultEntry;
 import org.apache.directory.server.core.annotations.CreateDS;
 import org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
@@ -40,6 +38,9 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.entry.Entry;
 import org.apache.directory.shared.ldap.entry.EntryAttribute;
 import org.apache.directory.shared.ldap.exception.LdapException;
+import org.apache.directory.shared.ldap.message.ModifyRequest;
+import org.apache.directory.shared.ldap.message.ModifyRequestImpl;
+import org.apache.directory.shared.ldap.message.SearchResultEntry;
 import org.apache.directory.shared.ldap.name.DN;
 import org.junit.After;
 import org.junit.Test;
@@ -55,8 +56,8 @@ import org.slf4j.LoggerFactory;
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
  */
-@RunWith ( FrameworkRunner.class )
-@CreateDS( factory=DefaultDirectoryServiceFactory.class, name="DefaultChangeLogIT-class" )
+@RunWith(FrameworkRunner.class)
+@CreateDS(factory = DefaultDirectoryServiceFactory.class, name = "DefaultChangeLogIT-class")
 public class DefaultChangeLogIT extends AbstractLdapTestUnit
 {
     public static final Logger LOG = LoggerFactory.getLogger( DefaultChangeLogIT.class );
@@ -80,7 +81,7 @@ public class DefaultChangeLogIT extends 
         entry.add( SchemaConstants.OBJECT_CLASS_AT, "organizationalUnit" );
         entry.add( SchemaConstants.OU_AT, "test0" );
         sysRoot.add( entry );
-        
+
         assertEquals( revision + 1, service.getChangeLog().getCurrentRevision() );
 
         Tag t0 = service.getChangeLog().tag();
@@ -134,7 +135,7 @@ public class DefaultChangeLogIT extends 
         // no sync this time but should happen automatically
         service.shutdown();
         service.startup();
-        
+
         sysRoot = getAdminConnection( service );
         assertEquals( revision + 7, service.getChangeLog().getCurrentRevision() );
         assertEquals( t1, service.getChangeLog().getLatest() );
@@ -168,7 +169,7 @@ public class DefaultChangeLogIT extends 
 
         service.shutdown();
         service.startup();
-        
+
         sysRoot = getAdminConnection( service );
         assertEquals( revision + 1, service.getChangeLog().getCurrentRevision() );
         assertEquals( t0, service.getChangeLog().getLatest() );
@@ -289,7 +290,8 @@ public class DefaultChangeLogIT extends 
         assertPresent( sysRoot, "ou=test5,ou=system" );
 
         // modify the test entry to add description and test new attr appears
-        ModifyRequest modReq = new ModifyRequest( entry.getDn() );
+        ModifyRequest modReq = new ModifyRequestImpl();
+        modReq.setName( entry.getDn() );
         modReq.add( "description", "a desc value" );
         sysRoot.modify( modReq );
 
@@ -310,7 +312,8 @@ public class DefaultChangeLogIT extends 
         // -------------------------------------------------------------------
 
         // add the attribute again and make sure it is old value
-        modReq = new ModifyRequest( resusitated.getDn() );
+        modReq = new ModifyRequestImpl();
+        modReq.setName( resusitated.getDn() );
         modReq.add( "description", "old value" );
         sysRoot.modify( modReq );
         resusitated = ( ( SearchResultEntry ) sysRoot.lookup( "ou=test5,ou=system" ) ).getEntry();
@@ -321,7 +324,8 @@ public class DefaultChangeLogIT extends 
 
         // now tag then replace the value to "new value" and confirm
         Tag t1 = service.getChangeLog().tag();
-        modReq = new ModifyRequest( resusitated.getDn() );
+        modReq = new ModifyRequestImpl();
+        modReq.setName( resusitated.getDn() );
         modReq.replace( "description", "new value" );
         sysRoot.modify( modReq );
 
@@ -339,13 +343,13 @@ public class DefaultChangeLogIT extends 
         assertNotNull( description );
         assertEquals( description.getString(), "old value" );
 
-
         // -------------------------------------------------------------------
         // Modify REMOVE Test
         // -------------------------------------------------------------------
 
         Tag t2 = service.getChangeLog().tag();
-        modReq = new ModifyRequest( resusitated.getDn() );
+        modReq = new ModifyRequestImpl();
+        modReq.setName( resusitated.getDn() );
         modReq.remove( "description", "old value" );
         sysRoot.modify( modReq );
 
@@ -367,17 +371,19 @@ public class DefaultChangeLogIT extends 
         // -------------------------------------------------------------------
 
         // add a userPassword attribute so we can test replacing it
-        modReq = new ModifyRequest( resusitated.getDn() );
+        modReq = new ModifyRequestImpl();
+        modReq.setName( resusitated.getDn() );
         modReq.add( "userPassword", "to be replaced" );
         sysRoot.modify( modReq );
         resusitated = ( ( SearchResultEntry ) sysRoot.lookup( "ou=test5,ou=system" ) ).getEntry();
         assertPassword( resusitated, "to be replaced" );
 
-        modReq = new ModifyRequest( resusitated.getDn() );
+        modReq = new ModifyRequestImpl();
+        modReq.setName( resusitated.getDn() );
         modReq.remove( "description", "old value" );
         modReq.add( "seeAlso", "ou=added" );
         modReq.replace( "userPassword", "a replaced value" );
-        
+
         Tag t3 = service.getChangeLog().tag();
 
         // now make the modification and check that description is gone,
@@ -418,8 +424,8 @@ public class DefaultChangeLogIT extends 
         SearchResultEntry se = ( SearchResultEntry ) connection.lookup( dn );
         assertNull( se );
     }
-    
-    
+
+
     private void assertPresent( LdapConnection connection, String dn ) throws LdapException
     {
         Entry entry = ( ( SearchResultEntry ) connection.lookup( dn ) ).getEntry();



Mime
View raw message