directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1057255 - in /directory/apacheds/branches/apacheds-AP: core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryRenameOperationIT.java core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java
Date Mon, 10 Jan 2011 16:10:52 GMT
Author: elecharny
Date: Mon Jan 10 16:10:52 2011
New Revision: 1057255

URL: http://svn.apache.org/viewvc?rev=1057255&view=rev
Log:
First code and tests added for the AP rename operation. Just check the subentry rename failures

Added:
    directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryRenameOperationIT.java
Modified:
    directory/apacheds/branches/apacheds-AP/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java

Added: directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryRenameOperationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryRenameOperationIT.java?rev=1057255&view=auto
==============================================================================
--- directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryRenameOperationIT.java
(added)
+++ directory/apacheds/branches/apacheds-AP/core-integ/src/test/java/org/apache/directory/server/core/subtree/SubentryRenameOperationIT.java
Mon Jan 10 16:10:52 2011
@@ -0,0 +1,910 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+package org.apache.directory.server.core.subtree;
+
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+
+import org.apache.directory.server.core.administrative.AdministrativePoint;
+import org.apache.directory.server.core.administrative.Subentry;
+import org.apache.directory.server.core.annotations.ApplyLdifs;
+import org.apache.directory.server.core.annotations.CreateDS;
+import org.apache.directory.server.core.integ.FrameworkRunner;
+import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.entry.EntryAttribute;
+import org.apache.directory.shared.ldap.ldif.LdifUtils;
+import org.apache.directory.shared.ldap.message.AddResponse;
+import org.apache.directory.shared.ldap.message.ModifyDnResponse;
+import org.apache.directory.shared.ldap.message.ResultCodeEnum;
+import org.apache.directory.shared.ldap.name.DN;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+
+/**
+ * Test cases for the AdministrativePoint interceptor Add operation.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+@RunWith(FrameworkRunner.class)
+@CreateDS(name = "AdministrativePointServiceIT")
+@ApplyLdifs(
+    {
+        // An entry used to create a User session
+        "dn: cn=testUser,ou=system",
+        "objectClass: top",
+        "objectClass: person",
+        "cn: testUser",
+        "sn: test User",
+        "userpassword: test"
+    })
+public class SubentryRenameOperationIT extends AbstractSubentryUnitTest
+{
+    // ===================================================================
+    // Test the Rename operation for APs
+    // -------------------------------------------------------------------
+    // Failure expected
+    // -------------------------------------------------------------------
+    /**
+     * Test the addition of an autonomous area in the rootDN
+     */
+    @Test
+    @Ignore
+    public void testAddAutonomousAreaRootDN() throws Exception
+    {
+        Entry autonomousArea = LdifUtils.createEntry( 
+            "", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: autonomousArea", 
+            "administrativeRole: autonomousArea" );
+
+        // It should fail
+        AddResponse response = adminConnection.add( autonomousArea );
+
+        assertEquals( ResultCodeEnum.ENTRY_ALREADY_EXISTS, response.getLdapResult().getResultCode()
);
+    }
+
+
+    /**
+     * Test the addition of an autonomous area in a naming context
+     */
+    @Test
+    @Ignore
+    public void testAddAutonomousAreaNamingContext() throws Exception
+    {
+        Entry autonomousArea = LdifUtils.createEntry( 
+            "ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: autonomousArea", 
+            "administrativeRole: autonomousArea" );
+
+        // It should fail
+        AddResponse response = adminConnection.add( autonomousArea );
+
+        assertEquals( ResultCodeEnum.ENTRY_ALREADY_EXISTS, response.getLdapResult().getResultCode()
);
+    }
+
+
+    /**
+     * Test the addition of an autonomous area in an existing entry
+     */
+    @Test
+    @Ignore
+    public void testAddAutonomousAreaExistingEntry() throws Exception
+    {
+        Entry autonomousArea = LdifUtils.createEntry( 
+            "uid=admin,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: autonomousArea", 
+            "administrativeRole: autonomousArea" );
+
+        // It should fail
+        AddResponse response = adminConnection.add( autonomousArea );
+
+        assertEquals( ResultCodeEnum.ENTRY_ALREADY_EXISTS, response.getLdapResult().getResultCode()
);
+    }
+    
+    
+    /**
+     * Test the addition of an IAP with no parent SAP
+     */
+    @Test
+    @Ignore
+    public void testAddIAPWithNoSAP() throws Exception
+    {
+        Entry iap = LdifUtils.createEntry( 
+            "ou=IAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: IAP", 
+            "administrativeRole: accessControlInnerArea" );
+
+        // It should fail
+        AddResponse response = adminConnection.add( iap );
+
+        assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, response.getLdapResult().getResultCode()
);
+    }
+    
+    
+    /**
+     * Test the addition of an SAP with the same IAP (AccessControl)
+     */
+    @Test
+    @Ignore
+    public void testAddIAPWithSAPAccessControl() throws Exception
+    {
+        Entry sapiap = LdifUtils.createEntry( 
+            "ou=SAP-IAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: SAP-IAP", 
+            "administrativeRole: accessControlInnerArea",
+            "administrativeRole: accessControlSpecificArea"
+            );
+
+        // It should fail
+        AddResponse response = adminConnection.add( sapiap );
+
+        assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, response.getLdapResult().getResultCode()
);
+    }
+    
+    
+    /**
+     * Test the addition of an SAP with the same IAP (CollectiveAttribute)
+     */
+    @Test
+    @Ignore
+    public void testAddIAPWithSAPCollectiveAttribute() throws Exception
+    {
+        Entry sapiap = LdifUtils.createEntry( 
+            "ou=SAP-IAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: SAP-IAP", 
+            "administrativeRole: CollectiveAttributeInnerArea",
+            "administrativeRole: CollectiveAttributeSpecificArea"
+            );
+
+        // It should fail
+        AddResponse response = adminConnection.add( sapiap );
+
+        assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, response.getLdapResult().getResultCode()
);
+    }
+    
+    
+    /**
+     * Test the addition of an SAP with the same IAP (TriggerExecution)
+     */
+    @Test
+    @Ignore
+    public void testAddIAPWithSAPTriggerExecution() throws Exception
+    {
+        Entry sapiap = LdifUtils.createEntry( 
+            "ou=SAP-IAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: SAP-IAP", 
+            "administrativeRole: TriggerExecutionInnerArea",
+            "administrativeRole: TriggerExecutionSpecificArea"
+            );
+
+        // It should fail
+        AddResponse response = adminConnection.add( sapiap );
+
+        assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, response.getLdapResult().getResultCode()
);
+    }
+    
+    
+    /**
+     * Test the addition of an IAP within an IAP (TriggerExecution)
+     */
+    @Test
+    @Ignore
+    public void testAddIAPWithinAAPTriggerExecution() throws Exception
+    {
+        Entry sapiap = LdifUtils.createEntry( 
+            "ou=SAP-IAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: SAP-IAP", 
+            "administrativeRole: autonomousArea",
+            "administrativeRole: TriggerExecutionInnerArea"
+            );
+
+        // It should fail
+        AddResponse response = adminConnection.add( sapiap );
+
+        assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, response.getLdapResult().getResultCode()
);
+    }
+    
+    
+    /**
+     * Test the addition of an AAP with no role
+     */
+    @Test
+    @Ignore
+    public void testAddAAPWithNoRole() throws Exception
+    {
+        Entry autonomousArea = LdifUtils.createEntry( 
+            "ou=AAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: AAP", 
+            "administrativeRole: " );
+
+        // It should fail
+        AddResponse response = adminConnection.add( autonomousArea );
+
+        assertEquals( ResultCodeEnum.INVALID_ATTRIBUTE_SYNTAX, response.getLdapResult().getResultCode()
);
+    }
+    
+    
+    /**
+     * Test the addition of an AP directly under a subentry
+     */
+    @Test
+    @Ignore
+    public void testAddAPUnderSubentry() throws Exception
+    {
+        // First add an AAP
+        createAAP( "ou=AAP,ou=system" );
+        
+        // Add a subentry now
+        createCaSubentry( "cn=test,ou=AAP,ou=system", "{}" );
+        
+        Entry subentryEntry = adminConnection.lookup( "cn=test,ou=AAP,ou=system", "+", "*"
);
+        assertNotNull( subentryEntry );
+
+        Entry ap = adminConnection.lookup( "ou=AAP,ou=system", "+", "*" );
+        assertNotNull( ap );
+        assertEquals( "1", ap.get( "CollectiveAttributeSeqNumber" ).getString() );
+        
+        // Now, try to inject an AP under the subentry
+        // First add an AAP
+        Entry badAP = LdifUtils.createEntry( 
+            "ou=BADAP,cn=test,ou=AAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: BADAP", 
+            "administrativeRole: autonomousArea" );
+
+        AddResponse response = adminConnection.add( badAP );
+        assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, response.getLdapResult().getResultCode()
);
+    }
+    
+    
+    /**
+     * Test the addition of a SAP with a normal user
+     */
+    @Test
+    @Ignore
+    public void testAddSAPWithNonAdmin() throws Exception
+    {
+        Entry sap = LdifUtils.createEntry( 
+            "ou=SAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: SAP", 
+            "administrativeRole: accessControlSpecificArea" );
+
+        // It should fail
+        AddResponse response = userConnection.add( sap );
+
+        assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, response.getLdapResult().getResultCode()
);
+    }
+
+
+    /**
+     * Test the addition of some invalid role
+     * @throws Exception
+     */
+    @Test
+    @Ignore
+    public void testAddInvalidRole() throws Exception
+    {
+        Entry autonomousArea = LdifUtils.createEntry( 
+            "ou=autonomousArea, ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: autonomousArea", 
+            "administrativeRole: accessControlBadArea",
+            "administrativeRole: TRIGGEREXECUTIONINNERAREA" );
+
+        AddResponse response = adminConnection.add( autonomousArea );
+
+        assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, response.getLdapResult().getResultCode()
);
+    }
+    
+    
+    /**
+     * Test the addition of some roles more than once
+     * @throws Exception
+     */
+    @Test
+    @Ignore
+    public void testAddRoleMoreThanOnce() throws Exception
+    {
+        Entry autonomousArea = LdifUtils.createEntry( 
+            "ou=autonomousArea, ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: autonomousArea", 
+            "administrativeRole: autonomousArea",
+            "administrativeRole: 2.5.23.1" );
+
+        // It should not succeed
+        AddResponse response = adminConnection.add( autonomousArea );
+
+        assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, response.getLdapResult().getResultCode()
);
+    }
+    
+    
+    /**
+     * Test the addition of an IAP under a SAP for a different role
+     */
+    @Test
+    @Ignore
+    public void testAddIAPUnderSAPDifferentRole() throws Exception
+    {
+        // First add an SAP
+        createAcSAP( "ou=SAP,ou=system" ); 
+        
+        // Add a IAP now
+        Entry iap = LdifUtils.createEntry( 
+            "ou=IAP,ou=SAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: IAP",
+            "administrativeRole: collectiveATtributeInnerArea" );
+
+        AddResponse response = adminConnection.add( iap );
+        assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, response.getLdapResult().getResultCode()
);
+    }
+    
+    
+    // -------------------------------------------------------------------
+    // Success expected
+    // -------------------------------------------------------------------
+    /**
+     * Test the addition of an AAP with SAPs
+     */
+    @Test
+    @Ignore
+    public void testAddAAPWithSAPs() throws Exception
+    {
+        Entry autonomousArea = LdifUtils.createEntry( 
+            "ou=AAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: AAP", 
+            "administrativeRole: accessControlSpecificArea",
+            "administrativeRole: autonomousArea"
+            );
+
+        // It should succeed
+        AddResponse response = adminConnection.add( autonomousArea );
+
+        assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+        
+        Entry adminPoint = adminConnection.lookup( "ou=AAP,ou=system", "+", "*" );
+        
+        EntryAttribute roles = adminPoint.get( "administrativeRole" );
+        
+        assertNotNull( roles );
+        assertEquals( 5, roles.size() );
+        assertTrue( roles.contains( "autonomousArea", "accessControlSpecificArea", "collectiveAttributeSpecificArea",

+            "triggerExecutionSpecificArea", "subSchemaSpecificArea" ) );
+    }
+
+
+    /**
+     * Test the addition of an autonomous area
+     * @throws Exception
+     */
+    @Test
+    @Ignore
+    public void testAddAutonomousArea() throws Exception
+    {
+        createAAP( "ou=autonomousArea, ou=system" );
+        
+        Entry adminPoint = adminConnection.lookup( "ou=autonomousArea, ou=system", "+" );
+        assertNotNull( adminPoint );
+        assertEquals( -1, Long.parseLong( adminPoint.get( "AccessControlSeqNumber" ).getString()
) );
+        assertEquals( -1, Long.parseLong( adminPoint.get( "CollectiveAttributeSeqNumber"
).getString() ) );
+        assertEquals( -1, Long.parseLong( adminPoint.get( "SubSchemaSeqNumber" ).getString()
) );
+        assertEquals( -1, Long.parseLong( adminPoint.get( "TriggerExecutionSeqNumber" ).getString()
) );
+
+        // Check that the entry is containing all the roles
+        Entry entry = getAdminRole( "ou=autonomousArea, ou=system" );
+
+        assertTrue( entry.contains( "administrativeRole", "autonomousArea" ) );
+        assertTrue( entry.contains( "administrativeRole", "accessControlSpecificArea" ) );
+        assertTrue( entry.contains( "administrativeRole", "collectiveAttributeSpecificArea"
) );
+        assertTrue( entry.contains( "administrativeRole", "subschemaSpecificArea" ) );
+        assertTrue( entry.contains( "administrativeRole", "triggerExecutionSpecificArea"
) );
+
+        Entry autonomousArea = LdifUtils.createEntry( 
+            "ou=autonomousArea2, ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: autonomousArea2", 
+            "administrativeRole: autonomousArea",
+            "administrativeRole: accessControlSpecificArea", 
+            "administrativeRole: collectiveAttributeInnerArea",
+            "administrativeRole: subschemaSpecificArea", 
+            "administrativeRole: TRIGGEREXECUTIONSPECIFICAREA" );
+
+        // It should fail, as an autonomous area is already defining the specific areas
+        AddResponse response = adminConnection.add( autonomousArea );
+
+        assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, response.getLdapResult().getResultCode()
);
+    }
+
+
+    /**
+     * Test the addition of some specific area
+     * @throws Exception
+     */
+    @Test
+    @Ignore
+    public void testAddSpecificAreas() throws Exception
+    {
+        Entry autonomousArea = LdifUtils.createEntry( 
+            "ou=autonomousArea, ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: autonomousArea", 
+            "administrativeRole: accessControlSpecificArea",
+            "administrativeRole: TRIGGEREXECUTIONSPECIFICAREA" );
+
+        AddResponse response = adminConnection.add( autonomousArea );
+
+        assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+
+        // Check that the entry is containing all the roles
+        Entry entry = getAdminRole( "ou=autonomousArea, ou=system" );
+
+        assertFalse( entry.contains( "administrativeRole", "autonomousArea" ) );
+        assertTrue( entry.contains( "administrativeRole", "accessControlSpecificArea" ) );
+        assertFalse( entry.contains( "administrativeRole", "collectiveAttributeSpecificArea"
) );
+        assertFalse( entry.contains( "administrativeRole", "2.5.23.4" ) );
+        assertTrue( entry.contains( "administrativeRole", "triggerExecutionSpecificArea"
) );
+    }
+
+
+    /**
+     * Test the addition of some inner area
+     * @throws Exception
+     */
+    @Test
+    @Ignore
+    public void testAddInnerAreas() throws Exception
+    {
+        createAAP( "ou=AAP,ou=system" );
+        
+        // Now add the IAPs
+        Entry innerAreas = LdifUtils.createEntry( 
+            "ou=innerAreas, ou=AAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: innerAreas", 
+            "administrativeRole: accessControlINNERArea",
+            "administrativeRole: TRIGGEREXECUTIONINNERAREA" );
+
+        AddResponse response = adminConnection.add( innerAreas );
+
+        assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+
+        // Check that the entry is containing all the roles
+        Entry entry = getAdminRole( "ou=innerAreas, ou=AAP,ou=system" );
+
+        assertFalse( entry.contains( "administrativeRole", "autonomousArea" ) );
+        assertTrue( entry.contains( "administrativeRole", "accessControlInnerArea" ) );
+        assertTrue( entry.contains( "administrativeRole", "triggerExecutionInnerArea" ) );
+    }
+    
+    
+    /**
+     * Test the addition of an IAP under a SAP
+     */
+    @Test
+    @Ignore
+    public void testAddIAPUnderSAP() throws Exception
+    {
+        // First add an SAP
+        createAcSAP( "ou=SAP,ou=system" );
+        
+        // Add a IAP now
+        Entry iap = LdifUtils.createEntry( 
+            "ou=IAP,ou=SAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: IAP",
+            "administrativeRole: accessControlInnerArea" );
+
+        AddResponse response = adminConnection.add( iap );
+        assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+    }
+    
+    
+    // ===================================================================
+    // Test the Add operation for Subentries
+    // -------------------------------------------------------------------
+    // Failure expected
+    // -------------------------------------------------------------------
+    /**
+     * Test the renaming of a subentry using another AT than CN 
+     */
+    @Test
+    public void testRenameSubentryUsingOC() throws Exception
+    {
+        // First add an SAP
+        createCaSAP( "ou=SAP,ou=system" ); 
+        
+        // Add a subentry
+        createCaSubentry( "cn=test,ou=SAP,ou=system", "{}" );
+
+        // Now, try to rename the subentry to "objectClass=subentry, ..."
+        ModifyDnResponse response = adminConnection.rename( "cn=test,ou=SAP,ou=system", "objectClass=subentry"
);
+        
+        assertEquals( ResultCodeEnum.UNWILLING_TO_PERFORM, response.getLdapResult().getResultCode()
);
+    }
+    
+    
+    /**
+     * Test the renaming of a subentry to a name already in use 
+     */
+    @Test
+    public void testRenameSubentryAlreadyExist() throws Exception
+    {
+        // First add an SAP
+        createCaSAP( "ou=SAP,ou=system" ); 
+        
+        // Add a subentry
+        createCaSubentry( "cn=test,ou=SAP,ou=system", "{}" );
+
+        // Add a second subentry
+        createCaSubentry( "cn=test2,ou=SAP,ou=system", "{}" );
+
+        // Now, try to rename the subentry to "sn=test, ..."
+        ModifyDnResponse response = adminConnection.rename( "cn=test,ou=SAP,ou=system", "cn=test2"
);
+        
+        assertEquals( ResultCodeEnum.ENTRY_ALREADY_EXISTS, response.getLdapResult().getResultCode()
);
+    }
+    
+    
+    /**
+     * Test the renaming of a subentry using an empty CN 
+     */
+    @Test
+    public void testRenameSubentryEmptyCN() throws Exception
+    {
+        // First add an SAP
+        createCaSAP( "ou=SAP,ou=system" ); 
+        
+        // Add a subentry
+        createCaSubentry( "cn=test,ou=SAP,ou=system", "{}" );
+
+        // Now, try to rename the subentry to "cn=,..."
+        ModifyDnResponse response = adminConnection.rename( "cn=test,ou=SAP,ou=system", "cn="
);
+        
+        assertEquals( ResultCodeEnum.INVALID_ATTRIBUTE_SYNTAX, response.getLdapResult().getResultCode()
);
+    }
+    
+    
+    // -------------------------------------------------------------------
+    // Success expected
+    // -------------------------------------------------------------------
+    /**
+     * Test the addition of a subentry under an AAP
+     */
+    @Test
+    @Ignore
+    public void testAddSubentryUnderAAP() throws Exception
+    {
+        // First add an AAP
+        createAAP( "ou=AAP,ou=system" );
+        
+        // Add a subentry now
+        Entry subentry = LdifUtils.createEntry( 
+            "cn=test,ou=AAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: subentry", 
+            "ObjectClass: collectiveAttributeSubentry",
+            "cn: test",
+            "subtreeSpecification: {}", 
+            "c-o: Test Org" );
+
+        AddResponse response = adminConnection.add( subentry );
+        assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+    }
+    
+    
+    /**
+     * Test the addition of a subentry under a SAP
+     */
+    @Test
+    @Ignore
+    public void testAddSubentryUnderSAP() throws Exception
+    {
+        // First add an SAP
+        createCaSAP( "ou=SAP,ou=system" ); 
+        
+        // Add a subentry now
+        Entry subentry = LdifUtils.createEntry( 
+            "cn=test,ou=SAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: subentry", 
+            "ObjectClass: collectiveAttributeSubentry",
+            "cn: test",
+            "subtreeSpecification: {}", 
+            "c-o: Test Org" );
+
+        AddResponse response = adminConnection.add( subentry );
+        assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+    }
+    
+    
+    /**
+     * Test the addition of a subentry under an IAP
+     */
+    @Test
+    @Ignore
+    public void testAddSubentryUnderIAP() throws Exception
+    {
+        // First add an SAP
+        createCaSAP( "ou=SAP,ou=system" ); 
+        
+        // Add a IAP now
+        Entry iap = LdifUtils.createEntry( 
+            "ou=IAP,ou=SAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: IAP",
+            "administrativeRole: collectiveAttributeInnerArea" );
+
+        AddResponse response = adminConnection.add( iap );
+        assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+        
+        // Add a subentry now
+        createCaSubentry( "cn=test,ou=SAP,ou=system", "{}" );
+    }
+    
+    
+    /**
+     * Test the addition of a subentry with 2 roles under an AAP
+     */
+    @Test
+    @Ignore
+    public void testAddSubentryWith2Roles() throws Exception
+    {
+        // First add an AAP
+        createAAP( "ou=AAP,ou=system" ); 
+        
+        // Add a subentry now
+        Entry subentry = LdifUtils.createEntry( 
+            "cn=test,ou=AAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: subentry", 
+            "ObjectClass: collectiveAttributeSubentry",
+            "ObjectClass: accessControlSubentry",
+            "cn: test",
+            "subtreeSpecification: {}", 
+            "c-o: Test Org",
+            "prescriptiveACI: { " 
+            + "  identificationTag \"addAci\", "
+            + "  precedence 14, " 
+            + "  authenticationLevel none, " 
+            + "  itemOrUserFirst userFirst: " 
+            + "  { "
+            + "    userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" }
}," 
+            + "    userPermissions "
+            + "    { " 
+            + "      { " 
+            + "        protectedItems { entry, allUserAttributeTypesAndValues }, "
+            + "        grantsAndDenials { grantCompare, grantRead, grantBrowse } " 
+            + "      } " 
+            + "    } " 
+            + "  } "
+            + "}" );
+
+        AddResponse response = adminConnection.add( subentry );
+        assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+        
+        DN subentryDN = new DN( "cn=test, ou=AAP,ou=system" );
+        
+        // Get back the subentry
+        Entry addedSE = adminConnection.lookup( subentryDN, "+" );
+        String subentryUUID = addedSE.get( "entryUUID" ).getString();
+        
+        DN apDn = new DN( "ou=AAP,ou=system" );
+        apDn.normalize( service.getSchemaManager() );
+        
+        // Check that we have a ref to the added subentry in the two APs (AC and CA)
+        AdministrativePoint apAC = service.getAccessControlAPCache().getElement( apDn );
+        
+        assertNotNull( apAC.getSubentries() );
+        assertEquals( 1, apAC.getSubentries().size() );
+        Subentry subentryAC = (Subentry)(apAC.getSubentries().toArray()[0]);
+        
+        assertEquals( subentryAC.getUuid(), subentryUUID );
+
+        AdministrativePoint apCA = service.getCollectiveAttributeAPCache().getElement( apDn
);
+        
+        assertNotNull( apCA.getSubentries() );
+        assertEquals( 1, apCA.getSubentries().size() );
+        Subentry subentryCA = (Subentry)(apCA.getSubentries().toArray()[0]);
+        
+        assertEquals( subentryCA.getUuid(), subentryUUID );
+    }
+    
+    
+    // ===================================================================
+    // Test the Add operation for Entries
+    // -------------------------------------------------------------------
+    // -------------------------------------------------------------------
+    // Success expected
+    // -------------------------------------------------------------------
+    /**
+     * Test the addition of a SAP, SE and 2 entries
+     */
+    @Test
+    @Ignore
+    public void testAdd2Entries() throws Exception
+    {
+        // First add an SAP
+        createCaSAP( "ou=SAP,ou=system" );
+        assertEquals( -1L, getCaSeqNumber( "ou=SAP,ou=system" ) );
+        
+        // Create a first entry
+        Entry e1 = LdifUtils.createEntry( 
+            "cn=e1,ou=SAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: person", 
+            "cn: e1", 
+            "sn: entry 1" );
+        
+        AddResponse response = adminConnection.add( e1 );
+        assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+
+        assertEquals( -1L, getCaSeqNumber( "cn=e1,ou=SAP,ou=system" ) );
+        
+        // Create a second entry
+        Entry e2 = LdifUtils.createEntry( 
+            "cn=e2,ou=SAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: person", 
+            "cn: e2", 
+            "sn: entry 2" );
+
+        response = adminConnection.add( e2 );
+        assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+
+        assertEquals( -1L, getCaSeqNumber( "cn=e2,ou=SAP,ou=system" ) );
+
+        // Add a subentry now
+        createCaSubentry( "cn=test,ou=SAP,ou=system", "{}" );
+        
+        // Get back the CA SeqNumber
+        long caSeqNumber = getCaSeqNumber( "ou=SAP,ou=system" );
+        
+        assertTrue( caSeqNumber > -1L );
+        
+        // Create a third entry
+        Entry e3 = LdifUtils.createEntry( 
+            "cn=e3,ou=SAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: person", 
+            "cn: e3", 
+            "sn: entry 3" );
+
+        response = adminConnection.add( e3 );
+        assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+
+        // The CASeqNumber for this entry must be the same than it's AP
+        assertEquals( caSeqNumber, getCaSeqNumber( "cn=e3,ou=SAP,ou=system" ) );
+
+        // Now, check that when we read the other entries, their CA seqNumber is also updated
+        assertEquals( caSeqNumber, getCaSeqNumber( "cn=e1,ou=SAP,ou=system" ) );
+        assertEquals( caSeqNumber, getCaSeqNumber( "cn=e2,ou=SAP,ou=system" ) );
+    }
+    
+    
+    /**
+     * Test an addition of AP, SE and entries with a selection
+     */
+    @Test
+    @Ignore
+    public void testAddComplex() throws Exception
+    {
+        // First add an SAP
+        createCaSAP( "ou=SAP,ou=system" );
+        
+        // Create a first entry
+        Entry e1 = LdifUtils.createEntry( 
+            "ou=e1,ou=SAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: organizationalUnit", 
+            "ou: e1" );
+        
+        AddResponse response = adminConnection.add( e1 );
+        assertEquals( -1L, getCaSeqNumber( "ou=e1,ou=SAP,ou=system" ) );
+        
+        // Create a second entry
+        Entry e2 = LdifUtils.createEntry( 
+            "cn=e2,ou=SAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: person", 
+            "cn: e2", 
+            "sn: entry 2" );
+
+        response = adminConnection.add( e2 );
+        assertEquals( -1L, getCaSeqNumber( "cn=e2,ou=SAP,ou=system" ) );
+
+        // Add a subentry now, selecting only entries with a person AT
+        createCaSubentry( "cn=test,ou=SAP,ou=system", "{ specificationFilter item:person
}" );
+        
+        // Get back the CA SeqNumber
+        long caSeqNumber = getCaSeqNumber( "ou=SAP,ou=system" );
+        
+        assertTrue( caSeqNumber > -1L );
+        
+        // Create a third entry under e1
+        Entry e3 = LdifUtils.createEntry( 
+            "cn=e3,ou=e1,ou=SAP,ou=system", 
+            "ObjectClass: top",
+            "ObjectClass: person", 
+            "cn: e3", 
+            "sn: entry 3" );
+
+        response = adminConnection.add( e3 );
+        assertEquals( ResultCodeEnum.SUCCESS, response.getLdapResult().getResultCode() );
+        
+        // Check the entries now: get the SAP SN and the Subentry UUID
+        long sapSN = getCaSeqNumber( "ou=SAP,ou=system" );
+        String uuid = adminConnection.lookup( "cn=test,ou=SAP,ou=system", "entryUUID" ).get(
"entryUUID" ).getString();
+
+        // E1
+        e1 = adminConnection.lookup( "ou=e1,ou=SAP,ou=system", "+" );
+        
+        assertNull( e1.get( "CollectiveAttributeSubentriesUUID" ) );
+        assertEquals( sapSN, Long.parseLong( e1.get( "CollectiveAttributeSeqNumber" ).getString()
) );
+        
+        // E2
+        e2 = adminConnection.lookup( "cn=e2,ou=SAP,ou=system", "+" );
+        
+        assertEquals( uuid, e2.get( "CollectiveAttributeSubentriesUUID" ).getString() );
+        assertEquals( sapSN, Long.parseLong( e2.get( "CollectiveAttributeSeqNumber" ).getString()
) );
+
+        // E3
+        e3 = adminConnection.lookup( "cn=e3,ou=e1,ou=SAP,ou=system", "+" );
+        
+        assertEquals( uuid, e3.get( "CollectiveAttributeSubentriesUUID" ).getString() );
+        assertEquals( sapSN, Long.parseLong( e3.get( "CollectiveAttributeSeqNumber" ).getString()
) );
+    }
+}

Modified: directory/apacheds/branches/apacheds-AP/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-AP/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java?rev=1057255&r1=1057254&r2=1057255&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-AP/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java
(original)
+++ directory/apacheds/branches/apacheds-AP/core/src/main/java/org/apache/directory/server/core/subtree/SubentryInterceptor.java
Mon Jan 10 16:10:52 2011
@@ -81,6 +81,7 @@ import org.apache.directory.server.core.
 import org.apache.directory.server.core.interceptor.context.LookupOperationContext;
 import org.apache.directory.server.core.interceptor.context.ModifyOperationContext;
 import org.apache.directory.server.core.interceptor.context.OperationContext;
+import org.apache.directory.server.core.interceptor.context.RenameOperationContext;
 import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
 import org.apache.directory.server.core.interceptor.context.SearchingOperationContext;
 import org.apache.directory.server.core.normalization.NormalizationInterceptor;
@@ -114,6 +115,7 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.message.AliasDerefMode;
 import org.apache.directory.shared.ldap.message.ResultCodeEnum;
 import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.name.RDN;
 import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.schema.NormalizerMappingResolver;
 import org.apache.directory.shared.ldap.schema.SchemaManager;
@@ -171,6 +173,9 @@ public class SubentryInterceptor extends
     /** A reference to the ObjectClass AT */
     private static AttributeType OBJECT_CLASS_AT;
     
+    /** A reference to the CN AT */
+    private static AttributeType CN_AT;
+    
     /** A reference to the EntryUUID AT */
     private static AttributeType ENTRY_UUID_AT;
 
@@ -530,6 +535,7 @@ public class SubentryInterceptor extends
         ADMINISTRATIVE_ROLE_AT = schemaManager.getAttributeType( SchemaConstants.ADMINISTRATIVE_ROLE_AT
);
         SUBTREE_SPECIFICATION_AT = schemaManager.getAttributeType( SchemaConstants.SUBTREE_SPECIFICATION_AT
);
         ENTRY_UUID_AT = schemaManager.getAttributeType( SchemaConstants.ENTRY_UUID_AT );
+        CN_AT = schemaManager.getAttributeType( SchemaConstants.CN_AT );
         
         ACCESS_CONTROL_SEQ_NUMBER_AT = schemaManager.getAttributeType( ApacheSchemaConstants.ACCESS_CONTROL_SEQ_NUMBER_AT
);
         ACCESS_CONTROL_SUBENTRIES_AT = schemaManager.getAttributeType( SchemaConstants.ACCESS_CONTROL_SUBENTRIES_AT
);
@@ -1076,7 +1082,7 @@ public class SubentryInterceptor extends
     /**
      * Tells if the role is a SS SAP
      */
-    private boolean isSubschemaSpecficRole( String role )
+    private boolean isSubschemaSpecificRole( String role )
     {
         return role.equalsIgnoreCase( SchemaConstants.SUB_SCHEMA_ADMIN_SPECIFIC_AREA ) ||
                role.equals( SchemaConstants.SUB_SCHEMA_ADMIN_SPECIFIC_AREA_OID );
@@ -1104,6 +1110,20 @@ public class SubentryInterceptor extends
 
 
     /**
+     * Tells if the Administrative Point role is an IAP
+     */
+    private boolean isIAP( EntryAttribute adminPoint )
+    {
+        return ( adminPoint.contains( SchemaConstants.ACCESS_CONTROL_INNER_AREA ) || 
+            adminPoint.contains( SchemaConstants.ACCESS_CONTROL_INNER_AREA_OID ) ||
+            adminPoint.contains( SchemaConstants.COLLECTIVE_ATTRIBUTE_INNER_AREA ) ||
+            adminPoint.contains( SchemaConstants.COLLECTIVE_ATTRIBUTE_INNER_AREA_OID ) ||
+            adminPoint.contains( SchemaConstants.TRIGGER_EXECUTION_INNER_AREA ) ||
+            adminPoint.contains( SchemaConstants.TRIGGER_EXECUTION_INNER_AREA_OID ) );
+    }
+
+
+    /**
      * Check that we don't have an IAP and a SAP with the same family
      */
     private void checkInnerSpecificMix( String role, EntryAttribute adminPoint ) throws LdapUnwillingToPerformException
@@ -1715,7 +1735,7 @@ public class SubentryInterceptor extends
             }
 
             // Deal with SubSchema AP
-            if ( isSubschemaSpecficRole( role ) )
+            if ( isSubschemaSpecificRole( role ) )
             {
                 SubschemaAdministrativePoint sap = new SubschemaSAP( uuid, seqNumber );
                 directoryService.getSubschemaAPCache().add( dn, sap );
@@ -2727,16 +2747,74 @@ public class SubentryInterceptor extends
 
     /**
      * {@inheritDoc}
-     *
+     */
     public void rename( NextInterceptor next, RenameOperationContext renameContext ) throws
LdapException
     {
+        LOG.debug( "Entering into the Subtree Interceptor, renameRequest : {}", renameContext
);
         DN oldDn = renameContext.getDn();
+        RDN oldRdn = oldDn.getRdn();
+        RDN newRdn = renameContext.getNewRdn();
+        DN newDn = oldDn.getParent().add( newRdn );
 
         Entry entry = renameContext.getEntry().getClonedEntry();
 
-        if ( entry.contains( OBJECT_CLASS_AT, SchemaConstants.SUBENTRY_OC ) )
+        boolean isAdmin = renameContext.getSession().getAuthenticatedPrincipal().getName().equals(
+            ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
+
+        // Check if we are adding an Administrative Point
+        EntryAttribute adminPointAT = entry.get( ADMINISTRATIVE_ROLE_AT );
+
+        // First, deal with an AP addition
+        if ( adminPointAT != null )
         {
-            // @Todo To be reviewed !!!
+            // This is an AP. If it's a SAP, we have nothing to do, as a rename does not
modify 
+            // the subtree evaluations, nor does it impact any underlying entries.
+            // If the AP is an IAP, then as the underlying entries will be modified, then
+            // we have to update the IAP seqNumber : the underlying entries might be impacted
+            // as the parent's AP for the renamed IAP may have a base or some chopBefore/chopAfter
+            // specificExclusion that depend on the old name.
+            if ( isIAP( adminPointAT) )
+            {
+            }
+            else
+            {
+                next.rename( renameContext );
+            }
+        }
+        else if ( entry.contains( OBJECT_CLASS_AT, SchemaConstants.SUBENTRY_OC ) )
+        {
+            // First check that the rename is legal : the new RDN must be a valid CN
+            AttributeType newAT = directoryService.getSchemaManager().getAttributeType( newRdn.getNormType()
);
+            
+            if ( !CN_AT.equals( newAT ) )
+            {
+                String message = "Cannot rename a subentry using an AttributeType which is
not CN : " + renameContext;
+                LOG.error( message );
+                throw new LdapUnwillingToPerformException( message );
+            }
+
+            // Get the new name
+            EntryAttribute newCn = new DefaultEntryAttribute( CN_AT, newRdn.getUpValue()
);
+
+            // It's a subentry : we just have to update the subentryCache
+            next.rename( renameContext );
+            
+            // We can update the Subentry cache, removing the old subentry and
+            // adding the new subentry with the new CN
+            Subentry[] subentries = directoryService.getSubentryCache().removeSubentry( oldDn
);
+
+            for ( Subentry subentry : subentries )
+            {
+                subentry.setCn( newCn );
+                directoryService.getSubentryCache().addSubentry( newDn, subentry );
+            }
+        }
+        else
+        {
+            // A normal entry
+            next.rename( renameContext );
+        }
+        /*
             Subentry subentry = directoryService.getSubentryUuidCache().removeSubentry( oldDn.toString()
);
             SubtreeSpecification ss = subentry.getSubtreeSpecification();
             DN apName = oldDn.getParent();
@@ -2807,6 +2885,7 @@ public class SubentryInterceptor extends
                 nexus.modify( new ModifyOperationContext( renameContext.getSession(), newName,
mods ) );
             }
         }
+        */
     }
 
 



Mime
View raw message