directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1059438 - in /directory/apacheds/trunk: core-integ/src/test/java/org/apache/directory/server/core/authz/ core/src/main/java/org/apache/directory/server/core/admin/
Date Sun, 16 Jan 2011 02:57:35 GMT
Author: elecharny
Date: Sun Jan 16 02:57:35 2011
New Revision: 1059438

URL: http://svn.apache.org/viewvc?rev=1059438&view=rev
Log:
o Added some check to see if the AP cache is correctly reloaded if the server is stopped
o Fixed an issue in the AP cache modification

Modified:
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java
    directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AutzIntegUtils.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java?rev=1059438&r1=1059437&r2=1059438&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java
(original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AddAuthorizationIT.java
Sun Jan 16 02:57:35 2011
@@ -31,8 +31,6 @@ import org.apache.directory.ldap.client.
 import org.apache.directory.server.core.annotations.CreateDS;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
 import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.server.core.integ.IntegrationUtils;
-import org.apache.directory.shared.ldap.constants.SchemaConstants;
 import org.apache.directory.shared.ldap.entry.DefaultEntry;
 import org.apache.directory.shared.ldap.entry.Entry;
 import org.apache.directory.shared.ldap.exception.LdapException;
@@ -66,7 +64,7 @@ public class AddAuthorizationIT extends 
     @After
     public void closeConnections()
     {
-        IntegrationUtils.closeConnections();
+        //IntegrationUtils.closeConnections();
     }
 
 
@@ -86,14 +84,16 @@ public class AddAuthorizationIT extends 
      */
     public boolean checkCanAddEntryAs( String uid, String password, String entryRdn ) throws
Exception
     {
+        LdapConnection connection = null;
+
         try
         {
             DN userName = new DN( "uid=" + uid + ",ou=users,ou=system" );
-            LdapConnection connection = getConnectionAs( userName, password );
+            connection = getConnectionAs( userName, password );
 
-            Entry entry = new DefaultEntry( new DN( "ou=testou,ou=system" ) );
-            entry.add( SchemaConstants.OU_AT, "testou" );
-            entry.add( SchemaConstants.OBJECT_CLASS_AT, "organizationalUnit" );
+            Entry entry = new DefaultEntry( new DN( "ou=system" ).add( entryRdn ) );
+            entry.add( "ou", "testou" );
+            entry.add( "ObjectClass", "top", "organizationalUnit" );
 
             AddResponse resp = connection.add( entry );
 
@@ -103,7 +103,6 @@ public class AddAuthorizationIT extends 
             }
 
             connection.delete( entry.getDn() );
-            connection.close();
 
             return true;
         }
@@ -111,6 +110,13 @@ public class AddAuthorizationIT extends 
         {
             return false;
         }
+        finally
+        {
+            if ( connection != null )
+            {
+                connection.close();
+            }
+        }
     }
 
 
@@ -130,11 +136,23 @@ public class AddAuthorizationIT extends 
 
         // Gives grantAdd perm to all users in the Administrators group for
         // entries and all attribute types and values
-        createAccessControlSubentry( "administratorAdd", "{ " + "  identificationTag \"addAci\",
"
-            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst:
" + "  { "
-            + "    userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\" }
}, " + "    userPermissions "
-            + "    { " + "      { " + "        protectedItems {entry, allUserAttributeTypesAndValues},
"
-            + "        grantsAndDenials { grantAdd, grantBrowse } " + "      } " + "    }
" + "  } " + "}" );
+        createAccessControlSubentry( "administratorAdd",
+            "{ " +
+                "  identificationTag \"addAci\", " +
+                "  precedence 14, " +
+                "  authenticationLevel none, " +
+                "  itemOrUserFirst userFirst: " +
+                "  { " +
+                "    userClasses { userGroup { \"cn=Administrators,ou=groups,ou=system\"
} }, " +
+                "    userPermissions " +
+                "    { " +
+                "      { " +
+                "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
+                "        grantsAndDenials { grantAdd, grantBrowse } " +
+                "      } " +
+                "    } " +
+                "  } " +
+                "}" );
 
         // see if we can now add that test entry which we could not before
         // add op should still fail since billd is not in the admin group
@@ -145,6 +163,20 @@ public class AddAuthorizationIT extends 
 
         // try an add operation which should succeed with ACI and group membership change
         assertTrue( checkCanAddEntryAs( "billyd", "billyd", "ou=testou" ) );
+
+        // Now, make sure the ACI is persisted if we stop and restart the server
+        // Stop the server now, we will restart it immediately 
+        // And shutdown the DS too
+        service.shutdown();
+        assertFalse( service.isStarted() );
+
+        // And restart
+        service.startup();
+
+        assertTrue( service.isStarted() );
+
+        // try an add operation which should succeed with ACI and group membership change
+        assertTrue( checkCanAddEntryAs( "billyd", "billyd", "ou=testou" ) );
     }
 
 
@@ -163,11 +195,23 @@ public class AddAuthorizationIT extends 
         assertFalse( checkCanAddEntryAs( "billyd", "billyd", "ou=testou" ) );
 
         // now add a subentry that enables user billyd to add an entry below ou=system
-        createAccessControlSubentry( "billydAdd", "{ " + "  identificationTag \"addAci\",
" + "  precedence 14, "
-            + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
-            + "    userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " + "    userPermissions
" + "    { "
-            + "      { " + "        protectedItems {entry, allUserAttributeTypesAndValues},
"
-            + "        grantsAndDenials { grantAdd, grantBrowse } " + "      } " + "    }
" + "  } " + "}" );
+        createAccessControlSubentry( "billydAdd",
+            "{ " +
+                "  identificationTag \"addAci\", " +
+                "  precedence 14, " +
+                "  authenticationLevel none, " +
+                "  itemOrUserFirst userFirst: " +
+                "  { " +
+                "    userClasses { name { \"uid=billyd,ou=users,ou=system\" } }, " +
+                "    userPermissions " +
+                "    { " +
+                "      { " +
+                "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
+                "        grantsAndDenials { grantAdd, grantBrowse } " +
+                "      } " +
+                "    } " +
+                "  } " +
+                "}" );
 
         // should work now that billyd is authorized by name
         assertTrue( checkCanAddEntryAs( "billyd", "billyd", "ou=testou" ) );
@@ -189,12 +233,26 @@ public class AddAuthorizationIT extends 
         assertFalse( checkCanAddEntryAs( "billyd", "billyd", "ou=testou" ) );
 
         // now add a subentry that enables user billyd to add an entry below ou=system
-        createAccessControlSubentry( "billyAddBySubtree", "{ " + "  identificationTag \"addAci\",
"
-            + "  precedence 14, " + "  authenticationLevel none, " + "  itemOrUserFirst userFirst:
" + "  { "
-            + "    userClasses " + "    { " + "      subtree { { base \"ou=users,ou=system\"
} } " + "    }, "
-            + "    userPermissions " + "    { " + "      { "
-            + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
-            + "        grantsAndDenials { grantAdd, grantBrowse } " + "      } " + "    }
" + "  } " + "}" );
+        createAccessControlSubentry( "billyAddBySubtree",
+            "{ " +
+                "  identificationTag \"addAci\", " +
+                "  precedence 14, " +
+                "  authenticationLevel none, " +
+                "  itemOrUserFirst userFirst: " +
+                "  { " +
+                "    userClasses " +
+                "    { " +
+                "      subtree { { base \"ou=users,ou=system\" } } " +
+                "    }, " +
+                "    userPermissions " +
+                "    { " +
+                "      { " +
+                "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
+                "        grantsAndDenials { grantAdd, grantBrowse } " +
+                "      } " +
+                "    } " +
+                "  } " +
+                "}" );
 
         // should work now that billyd is authorized by the subtree userClass
         assertTrue( checkCanAddEntryAs( "billyd", "billyd", "ou=testou" ) );
@@ -216,11 +274,23 @@ public class AddAuthorizationIT extends 
         assertFalse( checkCanAddEntryAs( "billyd", "billyd", "ou=testou" ) );
 
         // now add a subentry that enables anyone to add an entry below ou=system
-        createAccessControlSubentry( "anybodyAdd", "{ " + "  identificationTag \"addAci\",
" + "  precedence 14, "
-            + "  authenticationLevel none, " + "  itemOrUserFirst userFirst: " + "  { "
-            + "    userClasses { allUsers }, " + "    userPermissions " + "    { " + "  
   { "
-            + "        protectedItems {entry, allUserAttributeTypesAndValues}, "
-            + "        grantsAndDenials { grantAdd, grantBrowse } " + "      } " + "    }
" + "  } " + "}" );
+        createAccessControlSubentry( "anybodyAdd",
+            "{ " +
+                "  identificationTag \"addAci\", " +
+                "  precedence 14, " +
+                "  authenticationLevel none, " +
+                "  itemOrUserFirst userFirst: " +
+                "  { " +
+                "    userClasses { allUsers }, " +
+                "    userPermissions " +
+                "    { " +
+                "      { " +
+                "        protectedItems {entry, allUserAttributeTypesAndValues}, " +
+                "        grantsAndDenials { grantAdd, grantBrowse } " +
+                "      } " +
+                "    } " +
+                "  } " +
+                "}" );
 
         // see if we can now add that test entry which we could not before
         // should work now with billyd now that all users are authorized

Modified: directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AutzIntegUtils.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AutzIntegUtils.java?rev=1059438&r1=1059437&r2=1059438&view=diff
==============================================================================
--- directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AutzIntegUtils.java
(original)
+++ directory/apacheds/trunk/core-integ/src/test/java/org/apache/directory/server/core/authz/AutzIntegUtils.java
Sun Jan 16 02:57:35 2011
@@ -21,10 +21,8 @@ package org.apache.directory.server.core
 
 
 import org.apache.directory.ldap.client.api.LdapConnection;
-import org.apache.directory.server.constants.ServerDNConstants;
 import org.apache.directory.server.core.DirectoryService;
 import org.apache.directory.server.core.integ.IntegrationUtils;
-import org.apache.directory.shared.ldap.constants.SchemaConstants;
 import org.apache.directory.shared.ldap.entry.DefaultEntry;
 import org.apache.directory.shared.ldap.entry.Entry;
 import org.apache.directory.shared.ldap.entry.EntryAttribute;
@@ -91,11 +89,12 @@ public class AutzIntegUtils
     {
         DN groupDN = new DN( "cn=" + cn + ",ou=groups,ou=system" );
         Entry entry = new DefaultEntry( groupDN );
-        entry.add( SchemaConstants.OBJECT_CLASS_AT, "groupOfUniqueNames" );
-        entry.add( SchemaConstants.UNIQUE_MEMBER_AT, firstMemberDn );
-        entry.add( SchemaConstants.CN_AT, cn );
+        entry.add( "ObjectClass", "groupOfUniqueNames" );
+        entry.add( "uniqueMember", firstMemberDn );
+        entry.add( "cn", cn );
 
         getAdminConnection().add( entry );
+
         return groupDN;
     }
 
@@ -128,11 +127,11 @@ public class AutzIntegUtils
         LdapConnection connection = getAdminConnection();
 
         Entry entry = new DefaultEntry( new DN( "uid=" + uid + ",ou=users,ou=system" ) );
-        entry.add( SchemaConstants.UID_AT, uid );
-        entry.add( SchemaConstants.OBJECT_CLASS_AT, "person", "organizationalPerson", "inetOrgPerson"
);
-        entry.add( SchemaConstants.SN_AT, uid );
-        entry.add( SchemaConstants.CN_AT, uid );
-        entry.add( SchemaConstants.USER_PASSWORD_AT, password );
+        entry.add( "uid", uid );
+        entry.add( "objectClass", "top", "person", "organizationalPerson", "inetOrgPerson"
);
+        entry.add( "sn", uid );
+        entry.add( "cn", uid );
+        entry.add( "userPassword", password );
 
         connection.add( entry );
 
@@ -154,10 +153,10 @@ public class AutzIntegUtils
         DN groupDN = new DN( "cn=" + groupName + ",ou=groups,ou=system" );
 
         Entry entry = new DefaultEntry( groupDN );
-        entry.add( SchemaConstants.OBJECT_CLASS_AT, "groupOfUniqueNames" );
+        entry.add( "objectClass", "top", "groupOfUniqueNames" );
         // TODO might be ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED
-        entry.add( SchemaConstants.UNIQUE_MEMBER_AT, "uid=admin, ou=system" );
-        entry.add( SchemaConstants.CN_AT, groupName );
+        entry.add( "uniqueMember", "uid=admin, ou=system" );
+        entry.add( "cn", groupName );
 
         getAdminConnection().add( entry );
 
@@ -179,7 +178,7 @@ public class AutzIntegUtils
 
         ModifyRequest modReq = new ModifyRequestImpl();
         modReq.setName( new DN( "cn=" + groupCn + ",ou=groups,ou=system" ) );
-        modReq.add( SchemaConstants.UNIQUE_MEMBER_AT, "uid=" + userUid + ",ou=users,ou=system"
);
+        modReq.add( "uniqueMember", "uid=" + userUid + ",ou=users,ou=system" );
 
         connection.modify( modReq ).getLdapResult().getResultCode();
     }
@@ -196,14 +195,14 @@ public class AutzIntegUtils
     {
         ModifyRequest modReq = new ModifyRequestImpl();
         modReq.setName( new DN( "cn=" + groupCn + ",ou=groups,ou=system" ) );
-        modReq.remove( SchemaConstants.UNIQUE_MEMBER_AT, "uid=" + userUid + ",ou=users,ou=system"
);
+        modReq.remove( "uniqueMember", "uid=" + userUid + ",ou=users,ou=system" );
         getAdminConnection().modify( modReq );
     }
 
 
     public static void deleteAccessControlSubentry( String cn ) throws Exception
     {
-        getAdminConnection().delete( "cn=" + cn + "," + ServerDNConstants.SYSTEM_DN );
+        getAdminConnection().delete( "cn=" + cn + "," + "ou=system" );
     }
 
 
@@ -235,12 +234,12 @@ public class AutzIntegUtils
     {
         LdapConnection connection = getAdminConnection();
 
-        Entry systemEntry = connection.lookup( ServerDNConstants.SYSTEM_DN, "+", "*" );
+        Entry systemEntry = connection.lookup( "ou=system", "+", "*" );
 
         // modify ou=system to be an AP for an A/C AA if it is not already
         EntryAttribute administrativeRole = systemEntry.get( "administrativeRole" );
 
-        if ( administrativeRole == null || !administrativeRole.contains( "accessControlSpecificArea"
) )
+        if ( ( administrativeRole == null ) || !administrativeRole.contains( "accessControlSpecificArea"
) )
         {
             ModifyRequest modReq = new ModifyRequestImpl();
             modReq.setName( systemEntry.getDn() );
@@ -249,11 +248,10 @@ public class AutzIntegUtils
         }
 
         // now add the A/C subentry below ou=system
-        Entry subEntry = new DefaultEntry( new DN( "cn=" + cn + "," + ServerDNConstants.SYSTEM_DN
) );
-        subEntry.add( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.SUBENTRY_OC,
-            SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC );
-        subEntry.add( SchemaConstants.SUBTREE_SPECIFICATION_AT, subtree );
-        subEntry.add( SchemaConstants.PRESCRIPTIVE_ACI_AT, aciItem );
+        Entry subEntry = new DefaultEntry( new DN( "cn=" + cn + ",ou=system" ) );
+        subEntry.add( "objectClass", "top", "subentry", "accessControlSubentry" );
+        subEntry.add( "subtreeSpecification", subtree );
+        subEntry.add( "prescriptiveACI", aciItem );
 
         AddResponse addResp = connection.add( subEntry );
 
@@ -307,7 +305,7 @@ public class AutzIntegUtils
     public static void changePresciptiveACI( String cn, String aciItem ) throws Exception
     {
         ModifyRequest modReq = new ModifyRequestImpl();
-        modReq.setName( new DN( "cn=" + cn + "," + ServerDNConstants.SYSTEM_DN ) );
+        modReq.setName( new DN( "cn=" + cn + ",ou=system" ) );
         modReq.replace( "prescriptiveACI", aciItem );
         getAdminConnection().modify( modReq );
     }
@@ -316,7 +314,7 @@ public class AutzIntegUtils
     public static void addPrescriptiveACI( String cn, String aciItem ) throws Exception
     {
         ModifyRequest modReq = new ModifyRequestImpl();
-        modReq.setName( new DN( "cn=" + cn + "," + ServerDNConstants.SYSTEM_DN ) );
+        modReq.setName( new DN( "cn=" + cn + ",ou=system" ) );
         modReq.add( "prescriptiveACI", aciItem );
         getAdminConnection().modify( modReq );
     }

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java?rev=1059438&r1=1059437&r2=1059438&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java
(original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java
Sun Jan 16 02:57:35 2011
@@ -1424,6 +1424,9 @@ public class AdministrativePointIntercep
                             }
 
                             modifiedAdminRole.remove( value );
+                            delRole( value.getString(), dn, uuid, acapCacheCopy, caapCacheCopy,
teapCacheCopy,
+                                ssapCacheCopy );
+
                         }
 
                         break;



Mime
View raw message