directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1200408 [3/5] - in /directory/apacheds/branches/apacheds-txns: core-api/ core-api/src/main/java/org/apache/directory/server/core/api/ core-api/src/main/java/org/apache/directory/server/core/api/interceptor/ core-api/src/main/java/org/apach...
Date Thu, 10 Nov 2011 16:21:16 GMT
Modified: directory/apacheds/branches/apacheds-txns/core-jndi/src/main/java/org/apache/directory/server/core/jndi/ServerLdapContext.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/core-jndi/src/main/java/org/apache/directory/server/core/jndi/ServerLdapContext.java?rev=1200408&r1=1200407&r2=1200408&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/core-jndi/src/main/java/org/apache/directory/server/core/jndi/ServerLdapContext.java (original)
+++ directory/apacheds/branches/apacheds-txns/core-jndi/src/main/java/org/apache/directory/server/core/jndi/ServerLdapContext.java Thu Nov 10 16:21:12 2011
@@ -285,6 +285,7 @@ public class ServerLdapContext extends S
     public void ldapUnbind() throws NamingException
     {
         UnbindOperationContext opCtx = new UnbindOperationContext( getSession() );
+        
         try
         {
             opCtx.addRequestControls( JndiUtils.fromJndiControls( getDirectoryService().getLdapCodecService(), 

Modified: directory/apacheds/branches/apacheds-txns/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java?rev=1200408&r1=1200407&r2=1200408&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java (original)
+++ directory/apacheds/branches/apacheds-txns/core/src/main/java/org/apache/directory/server/core/DefaultDirectoryService.java Thu Nov 10 16:21:12 2011
@@ -26,14 +26,21 @@ import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.RandomAccessFile;
 import java.io.StringReader;
+import java.lang.reflect.Method;
 import java.nio.channels.FileLock;
 import java.nio.channels.OverlappingFileLockException;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReadWriteLock;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
 
 import javax.naming.directory.Attributes;
 
@@ -45,6 +52,7 @@ import org.apache.directory.server.core.
 import org.apache.directory.server.core.api.DnFactory;
 import org.apache.directory.server.core.api.InstanceLayout;
 import org.apache.directory.server.core.api.LdapPrincipal;
+import org.apache.directory.server.core.api.OperationEnum;
 import org.apache.directory.server.core.api.OperationManager;
 import org.apache.directory.server.core.api.ReferralManager;
 import org.apache.directory.server.core.api.administrative.AccessControlAdministrativePoint;
@@ -234,6 +242,17 @@ public class DefaultDirectoryService imp
 
     /** The list of declared interceptors */
     private List<Interceptor> interceptors;
+    private Map<String, Interceptor> interceptorNames;
+    
+    /** A lock to protect the interceptors List */
+    private ReadWriteLock interceptorsLock = new ReentrantReadWriteLock();
+    
+    /** The read and write locks */
+    private Lock readLock  = interceptorsLock.readLock();
+    private Lock writeLock  = interceptorsLock.writeLock();
+    
+    /** A map associating a list of interceptor to each operation */
+    private Map<OperationEnum, List<String>> operationInterceptors;
 
     /** The System partition */
     private Partition systemPartition;
@@ -458,8 +477,174 @@ public class DefaultDirectoryService imp
     public List<Interceptor> getInterceptors()
     {
         List<Interceptor> cloned = new ArrayList<Interceptor>();
-        cloned.addAll( interceptors );
-        return cloned;
+    	
+        try
+        {
+            readLock.lock();
+            
+        	cloned.addAll( interceptors );
+        
+        	return cloned;
+        }
+        finally
+        {
+            readLock.unlock();
+        }
+    }
+
+
+    /**
+     * Returns interceptors in the server for a given operation.
+     *
+     * @return the interceptors in the server for the given operation.
+     */
+    public List<String> getInterceptors( OperationEnum operation )
+    {
+        List<String> cloned = new ArrayList<String>();
+        
+        try
+        {
+	        readLock.lock();
+	        cloned.addAll( operationInterceptors.get( operation ) );
+	        
+	        return cloned;
+        }
+        finally
+        {
+            readLock.unlock();
+        }
+
+    }
+    
+    
+    /**
+     * Compute the list of  to call for each operation
+     */
+    private void initOperationsList()
+    {
+    	try
+    	{
+	        writeLock.lock();
+	    	operationInterceptors = new ConcurrentHashMap<OperationEnum, List<String>>();
+	    	
+	    	for ( OperationEnum operation : OperationEnum.getOperations() )
+	    	{
+		    	List<String> operationList = new ArrayList<String>();
+		    	
+		        for ( Interceptor interceptor : interceptors )
+		        {
+			    	Method[] methods = interceptor.getClass().getDeclaredMethods();
+			    	
+			    	for ( Method method : methods )
+			    	{
+			    		if ( method.getName().equals( operation.getMethodName() ) )
+			    		{
+			    			operationList.add( interceptor.getName() );
+			    			break;
+			    		}
+			    	}
+		        }
+		        
+		        operationInterceptors.put( operation, operationList );
+	    	}
+    	}
+    	finally
+    	{
+    		writeLock.unlock();
+    	}
+    }
+    
+    
+    /**
+     * Add an interceptor to the list of interceptors to call for each operation
+     * @throws LdapException 
+     */
+    private void addInterceptor( Interceptor interceptor, int position ) throws LdapException
+    {
+    	// First, init the interceptor
+    	interceptor.init( this );
+    	
+    	try
+    	{
+	        writeLock.lock();
+	    	
+	    	for ( OperationEnum operation : OperationEnum.getOperations() )
+	    	{
+		    	List<String> operationList = operationInterceptors.get( operation );
+		    		    	
+		    	Method[] methods = interceptor.getClass().getDeclaredMethods();
+		    	
+		    	for ( Method method : methods )
+		    	{
+		    		if ( method.getName().equals( operation.getMethodName() ) )
+		    		{
+		    	    	if ( position == -1 )
+		    	    	{
+		    	    		operationList.add( interceptor.getName() );
+		    	    	}
+		    	    	else
+		    	    	{
+		    	    		operationList.add( position, interceptor.getName() );
+		    	    	}
+		    	    	
+		    			break;
+		    		}
+		    	}
+	    	}
+	    	
+	    	interceptorNames.put( interceptor.getName(), interceptor );
+	    	
+	    	if ( position == -1 )
+	    	{
+	    		interceptors.add( interceptor );
+	    	}
+	    	else
+	    	{
+	    		interceptors.add( position, interceptor );
+	    	}
+    	}
+    	finally
+    	{
+    		writeLock.unlock();
+    	}
+    }
+
+    
+    /**
+     * Remove an interceptor to the list of interceptors to call for each operation
+     */
+    private void removeOperationsList( String interceptorName )
+    {
+    	Interceptor interceptor = interceptorNames.get( interceptorName );
+    	
+    	try
+    	{
+	        writeLock.lock();
+	    	
+	    	for ( OperationEnum operation : OperationEnum.getOperations() )
+	    	{
+		    	List<String> operationList = operationInterceptors.get( operation );
+		    		    	
+		    	Method[] methods = interceptor.getClass().getDeclaredMethods();
+		    	
+		    	for ( Method method : methods )
+		    	{
+		    		if ( method.getName().equals( operation.getMethodName() ) )
+		    		{
+	    	    		operationList.remove( interceptor.getName() );
+		    	    	
+		    			break;
+		    		}
+		    	}
+	    	}
+	    	
+	    	interceptorNames.remove( interceptorName );
+	    	interceptors.remove( interceptor );
+    	}
+    	finally
+    	{
+    		writeLock.unlock();
+    	}
     }
 
 
@@ -470,19 +655,25 @@ public class DefaultDirectoryService imp
      */
     public void setInterceptors( List<Interceptor> interceptors )
     {
-        Set<String> names = new HashSet<String>();
+        Map<String, Interceptor> interceptorNames = new HashMap<String, Interceptor>();
 
+        // Check if we don't have duplicate names in the interceptors list
         for ( Interceptor interceptor : interceptors )
         {
-            if ( names.contains( interceptor.getName() ) )
+            if ( interceptorNames.containsKey( interceptor.getName() ) )
             {
                 LOG.warn( "Encountered duplicate definitions for {} interceptor", interceptor.getName() );
+                continue;
             }
             
-            names.add( interceptor.getName() );
+            interceptorNames.put( interceptor.getName(), interceptor );
         }
 
         this.interceptors = interceptors;
+        this.interceptorNames = interceptorNames;
+
+        // Now update the Map that connect each operation with the list of interceptors.
+    	initOperationsList();
     }
 
 
@@ -496,6 +687,7 @@ public class DefaultDirectoryService imp
     {
         List<LdifEntry> cloned = new ArrayList<LdifEntry>();
         cloned.addAll( testEntries );
+        
         return cloned;
     }
 
@@ -768,6 +960,8 @@ public class DefaultDirectoryService imp
         BindOperationContext bindContext = new BindOperationContext( null );
         bindContext.setCredentials( credentials );
         bindContext.setDn( principalDn );
+        bindContext.setInterceptors( getInterceptors( OperationEnum.BIND ) );
+        
         operationManager.bind( bindContext );
 
         return bindContext.getSession();
@@ -786,6 +980,8 @@ public class DefaultDirectoryService imp
         bindContext.setCredentials( credentials );
         bindContext.setDn( principalDn );
         bindContext.setSaslMechanism( saslMechanism );
+        bindContext.setInterceptors( getInterceptors( OperationEnum.BIND ) );
+
         operationManager.bind( bindContext );
 
         return bindContext.getSession();
@@ -1774,19 +1970,65 @@ public class DefaultDirectoryService imp
      */
     public Interceptor getInterceptor( String interceptorName )
     {
-        for ( Interceptor interceptor:interceptors )
+    	try
+    	{
+	        readLock.lock();
+	
+	        for ( Interceptor interceptor:interceptors )
+	        {
+	            if ( interceptor.getName().equalsIgnoreCase( interceptorName ) )
+	            {
+	                return interceptor;
+	            }
+	        }
+	        
+	        return null;
+        }
+        finally
         {
-            if ( interceptor.getName().equalsIgnoreCase( interceptorName ) )
-            {
-                return interceptor;
-            }
+            readLock.unlock();
         }
-
-        return null;
     }
 
 
     /**
+     * {@inheritDoc}
+     * @throws LdapException 
+     */
+	public void addFirst( Interceptor interceptor ) throws LdapException 
+	{
+		addInterceptor( interceptor, 0 );
+	}
+
+
+    /**
+     * {@inheritDoc}
+     * @throws LdapException 
+     */
+	public void addLast( Interceptor interceptor ) throws LdapException 
+	{
+		addInterceptor( interceptor, -1 );
+	}
+
+
+    /**
+     * {@inheritDoc}
+     */
+	public void addAfter( String interceptorName, Interceptor interceptor ) 
+	{
+	}
+
+
+    /**
+     * {@inheritDoc}
+     */
+	public void remove( String interceptorName ) 
+	{
+		removeOperationsList( interceptorName );
+	}
+
+
+    /**
      * Get a new CSN
      * @return The CSN generated for this directory service
      */
@@ -1988,5 +2230,4 @@ public class DefaultDirectoryService imp
     {
         return evaluator;
     }
-
 }
\ No newline at end of file

Modified: directory/apacheds/branches/apacheds-txns/core/src/main/java/org/apache/directory/server/core/DefaultOperationManager.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/core/src/main/java/org/apache/directory/server/core/DefaultOperationManager.java?rev=1200408&r1=1200407&r2=1200408&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/core/src/main/java/org/apache/directory/server/core/DefaultOperationManager.java (original)
+++ directory/apacheds/branches/apacheds-txns/core/src/main/java/org/apache/directory/server/core/DefaultOperationManager.java Thu Nov 10 16:21:12 2011
@@ -23,10 +23,12 @@ package org.apache.directory.server.core
 import java.util.ArrayList;
 import java.util.List;
 
+import org.apache.directory.server.core.api.CoreSession;
 import org.apache.directory.server.core.api.DirectoryService;
 import org.apache.directory.server.core.api.OperationManager;
 import org.apache.directory.server.core.api.ReferralManager;
 import org.apache.directory.server.core.api.filtering.EntryFilteringCursor;
+import org.apache.directory.server.core.api.interceptor.Interceptor;
 import org.apache.directory.server.core.api.interceptor.InterceptorChain;
 import org.apache.directory.server.core.api.interceptor.context.AddOperationContext;
 import org.apache.directory.server.core.api.interceptor.context.BindOperationContext;
@@ -51,6 +53,7 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.model.entry.Value;
 import org.apache.directory.shared.ldap.model.exception.LdapAffectMultipleDsaException;
 import org.apache.directory.shared.ldap.model.exception.LdapException;
+import org.apache.directory.shared.ldap.model.exception.LdapNoSuchObjectException;
 import org.apache.directory.shared.ldap.model.exception.LdapOperationErrorException;
 import org.apache.directory.shared.ldap.model.exception.LdapPartialResultException;
 import org.apache.directory.shared.ldap.model.exception.LdapReferralException;
@@ -87,8 +90,68 @@ public class DefaultOperationManager imp
     }
 
 
-    private LdapReferralException buildReferralException( Entry parentEntry, Dn childDn )
-        throws LdapException //, LdapURLEncodingException
+    /**
+     * Eagerly populates fields of operation contexts so multiple Interceptors
+     * in the processing pathway can reuse this value without performing a
+     * redundant lookup operation.
+     *
+     * @param opContext the operation context to populate with cached fields
+     */
+    private void eagerlyPopulateFields( OperationContext opContext ) throws LdapException
+    {
+        // If the entry field is not set for ops other than add for example
+        // then we set the entry but don't freak if we fail to do so since it
+        // may not exist in the first place
+
+        if ( opContext.getEntry() == null )
+        {
+            // We have to use the admin session here, otherwise we may have
+            // trouble reading the entry due to insufficient access rights
+            CoreSession adminSession = opContext.getSession().getDirectoryService().getAdminSession();
+
+            LookupOperationContext lookupContext = new LookupOperationContext( adminSession, opContext.getDn(), SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+            Entry foundEntry = opContext.getSession().getDirectoryService().getPartitionNexus().lookup( lookupContext );
+
+            if ( foundEntry != null )
+            {
+                opContext.setEntry( foundEntry );
+            }
+            else
+            {
+                // This is an error : we *must* have an entry if we want to be able to rename.
+                LdapNoSuchObjectException ldnfe = new LdapNoSuchObjectException( I18n.err( I18n.ERR_256_NO_SUCH_OBJECT,
+                    opContext.getDn() ) );
+
+                throw ldnfe;
+            }
+        }
+    }
+
+
+    private Entry getOriginalEntry( OperationContext opContext ) throws LdapException
+    {
+        // We have to use the admin session here, otherwise we may have
+        // trouble reading the entry due to insufficient access rights
+        CoreSession adminSession = opContext.getSession().getDirectoryService().getAdminSession();
+
+        Entry foundEntry = adminSession.lookup( opContext.getDn(), SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES, SchemaConstants.ALL_USER_ATTRIBUTES );
+
+        if ( foundEntry != null )
+        {
+            return foundEntry;
+        }
+        else
+        {
+            // This is an error : we *must* have an entry if we want to be able to rename.
+            LdapNoSuchObjectException ldnfe = new LdapNoSuchObjectException( I18n.err( I18n.ERR_256_NO_SUCH_OBJECT,
+                opContext.getDn() ) );
+
+            throw ldnfe;
+        }
+    }
+
+
+    private LdapReferralException buildReferralException( Entry parentEntry, Dn childDn ) throws LdapException
     {
         // Get the Ref attributeType
         Attribute refs = parentEntry.get( SchemaConstants.REF_AT );
@@ -102,14 +165,14 @@ public class DefaultOperationManager imp
             {
                 // we have to replace the parent by the referral
                 LdapUrl ldapUrl = new LdapUrl( url.getString() );
-    
+
                 // We have a problem with the Dn : we can't use the UpName,
                 // as we may have some spaces around the ',' and '+'.
                 // So we have to take the Rdn one by one, and create a
                 // new Dn with the type and value UP form
-    
+
                 Dn urlDn = ldapUrl.getDn().add( childDn );
-    
+
                 ldapUrl.setDn( urlDn );
                 urls.add( ldapUrl.toString() );
             }
@@ -129,8 +192,7 @@ public class DefaultOperationManager imp
     }
 
 
-    private LdapReferralException buildReferralExceptionForSearch( Entry parentEntry, Dn childDn, SearchScope scope )
-        throws LdapException
+    private LdapReferralException buildReferralExceptionForSearch( Entry parentEntry, Dn childDn, SearchScope scope ) throws LdapException
     {
         // Get the Ref attributeType
         Attribute refs = parentEntry.get( SchemaConstants.REF_AT );
@@ -285,7 +347,10 @@ public class DefaultOperationManager imp
 
         try
         {
-            directoryService.getInterceptorChain().bind( bindContext );
+            // Call the Delete method
+            Interceptor head = directoryService.getInterceptor( bindContext.getNextInterceptor() );
+
+            head.bind( bindContext );
         }
         finally
         {
@@ -362,9 +427,13 @@ public class DefaultOperationManager imp
             // Unlock the ReferralManager
             directoryService.getReferralManager().unlock();
 
-            // Call the Add method
-            InterceptorChain interceptorChain = directoryService.getInterceptorChain();
-            return interceptorChain.compare( compareContext );
+            // populate the context with the old entry
+            compareContext.setOriginalEntry( getOriginalEntry( compareContext ) );
+
+            // Call the Compare method
+            Interceptor head = directoryService.getInterceptor( compareContext.getNextInterceptor() );
+
+            return head.compare( compareContext );
         }
         finally
         {
@@ -443,9 +512,13 @@ public class DefaultOperationManager imp
             // Unlock the ReferralManager
             directoryService.getReferralManager().unlock();
 
-            // Call the Add method
-            InterceptorChain interceptorChain = directoryService.getInterceptorChain();
-            interceptorChain.delete( deleteContext );
+            // populate the context with the old entry
+            eagerlyPopulateFields( deleteContext );
+
+            // Call the Delete method
+            Interceptor head = directoryService.getInterceptor( deleteContext.getNextInterceptor() );
+
+            head.delete( deleteContext );
         }
         finally
         {
@@ -469,8 +542,9 @@ public class DefaultOperationManager imp
 
         try
         {
-            InterceptorChain chain = directoryService.getInterceptorChain();
-            return chain.getRootDSE( getRootDseContext );
+            Interceptor head = directoryService.getInterceptor( getRootDseContext.getNextInterceptor() );
+
+            return head.getRootDSE( getRootDseContext );
         }
         finally
         {
@@ -493,7 +567,9 @@ public class DefaultOperationManager imp
 
         try
         {
-            return directoryService.getInterceptorChain().hasEntry( hasEntryContext );
+            Interceptor head = directoryService.getInterceptor( hasEntryContext.getNextInterceptor() );
+
+            return head.hasEntry( hasEntryContext );
         }
         finally
         {
@@ -516,7 +592,9 @@ public class DefaultOperationManager imp
 
         try
         {
-            return directoryService.getInterceptorChain().list( listContext );
+            Interceptor head = directoryService.getInterceptor( listContext.getNextInterceptor() );
+
+            return head.list( listContext );
         }
         finally
         {
@@ -539,8 +617,9 @@ public class DefaultOperationManager imp
 
         try
         {
-            InterceptorChain chain = directoryService.getInterceptorChain();
-            return chain.lookup( lookupContext );
+            Interceptor head = directoryService.getInterceptor( lookupContext.getNextInterceptor() );
+
+            return head.lookup( lookupContext );
         }
         finally
         {
@@ -1035,7 +1114,10 @@ public class DefaultOperationManager imp
 
         try
         {
-            directoryService.getInterceptorChain().unbind( unbindContext );
+            // Call the Unbind method
+            Interceptor head = directoryService.getInterceptor( unbindContext.getNextInterceptor() );
+
+            head.unbind( unbindContext );
         }
         finally
         {

Modified: directory/apacheds/branches/apacheds-txns/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java?rev=1200408&r1=1200407&r2=1200408&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java (original)
+++ directory/apacheds/branches/apacheds-txns/core/src/test/java/org/apache/directory/server/core/interceptor/InterceptorChainTest.java Thu Nov 10 16:21:12 2011
@@ -6,16 +6,16 @@
  *  to you under the Apache License, Version 2.0 (the
  *  "License"); you may not use this file except in compliance
  *  with the License.  You may obtain a copy of the License at
- *  
+ * 
  *    http://www.apache.org/licenses/LICENSE-2.0
- *  
+ * 
  *  Unless required by applicable law or agreed to in writing,
  *  software distributed under the License is distributed on an
  *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  *  KIND, either express or implied.  See the License for the
  *  specific language governing permissions and limitations
- *  under the License. 
- *  
+ *  under the License.
+ * 
  */
 package org.apache.directory.server.core.interceptor;
 
@@ -35,7 +35,6 @@ import org.apache.directory.server.core.
 import org.apache.directory.server.core.api.interceptor.InterceptorChain;
 import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext;
 import org.apache.directory.server.core.api.invocation.InvocationStack;
-import org.apache.directory.server.core.api.partition.ByPassConstants;
 import org.apache.directory.server.core.shared.DefaultCoreSession;
 import org.apache.directory.shared.ldap.model.constants.AuthenticationLevel;
 import org.apache.directory.shared.ldap.model.name.Dn;
@@ -44,11 +43,12 @@ import org.apache.directory.shared.ldap.
 import org.junit.After;
 import org.junit.Before;
 import org.junit.BeforeClass;
+import org.junit.Ignore;
 import org.junit.Test;
 
 
 /**
- * Unit test cases for InterceptorChain methods which test bypass 
+ * Unit test cases for InterceptorChain methods which test bypass
  * instructions in the chain.
  *
  * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
@@ -90,6 +90,7 @@ public class InterceptorChainTest
 
 
     @Test
+    @Ignore
     public void testNoBypass() throws Exception
     {
         Dn dn = new Dn( schemaManager, "ou=system" );
@@ -101,7 +102,7 @@ public class InterceptorChainTest
 
         try
         {
-            chain.lookup( lookupContext );
+            //chain.lookup( lookupContext );
         }
         catch ( Exception e )
         {
@@ -116,6 +117,7 @@ public class InterceptorChainTest
 
 
     @Test
+    @Ignore
     public void testSingleBypass() throws Exception
     {
         Dn dn = new Dn( schemaManager, "ou=system" );
@@ -128,7 +130,7 @@ public class InterceptorChainTest
 
         try
         {
-            chain.lookup( lookupContext );
+            //chain.lookup( lookupContext );
         }
         catch ( Exception e )
         {
@@ -143,6 +145,7 @@ public class InterceptorChainTest
 
 
     @Test
+    @Ignore
     public void testAdjacentDoubleBypass() throws Exception
     {
         Dn dn = new Dn( schemaManager, "ou=system" );
@@ -158,7 +161,7 @@ public class InterceptorChainTest
 
         try
         {
-            chain.lookup( lookupContext );
+            //chain.lookup( lookupContext );
         }
         catch ( Exception e )
         {
@@ -173,6 +176,7 @@ public class InterceptorChainTest
 
 
     @Test
+    @Ignore
     public void testFrontAndBackDoubleBypass() throws Exception
     {
         Dn dn = new Dn( schemaManager, "ou=system" );
@@ -188,7 +192,7 @@ public class InterceptorChainTest
 
         try
         {
-            chain.lookup( lookupContext );
+            //chain.lookup( lookupContext );
         }
         catch ( Exception e )
         {
@@ -202,6 +206,7 @@ public class InterceptorChainTest
 
 
     @Test
+    @Ignore
     public void testDoubleBypass() throws Exception
     {
         Dn dn = new Dn( schemaManager, "ou=system" );
@@ -217,7 +222,7 @@ public class InterceptorChainTest
 
         try
         {
-            chain.lookup( lookupContext );
+            //chain.lookup( lookupContext );
         }
         catch ( Exception e )
         {
@@ -228,27 +233,4 @@ public class InterceptorChainTest
         assertEquals( "2", interceptors.get( 1 ).getName() );
         assertEquals( "4", interceptors.get( 2 ).getName() );
     }
-
-
-    @Test
-    public void testCompleteBypass() throws Exception
-    {
-        Dn dn = new Dn( schemaManager, "ou=system" );
-        DirectoryService ds = new MockDirectoryService( 0 );
-        DefaultCoreSession session = new DefaultCoreSession( new LdapPrincipal( schemaManager, new Dn( schemaManager ), AuthenticationLevel.STRONG ),
-            ds );
-        LookupOperationContext lookupContext = new LookupOperationContext( session, dn );
-        lookupContext.setByPassed( ByPassConstants.BYPASS_ALL_COLLECTION );
-        InvocationStack.getInstance().push( lookupContext );
-
-        try
-        {
-            chain.lookup( lookupContext );
-        }
-        catch ( Exception e )
-        {
-        }
-
-        assertEquals( 0, interceptors.size() );
-    }
 }

Propchange: directory/apacheds/branches/apacheds-txns/interceptors/admin/
------------------------------------------------------------------------------
    svn:mergeinfo = /directory/apacheds/trunk/interceptors/admin:1183435-1200383

Modified: directory/apacheds/branches/apacheds-txns/interceptors/admin/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/interceptors/admin/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java?rev=1200408&r1=1200407&r2=1200408&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/interceptors/admin/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java (original)
+++ directory/apacheds/branches/apacheds-txns/interceptors/admin/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java Thu Nov 10 16:21:12 2011
@@ -1241,7 +1241,7 @@ public class AdministrativePointIntercep
      * </ul> 
      * {@inheritDoc}
      */
-    public void delete( NextInterceptor next, DeleteOperationContext deleteContext ) throws LdapException
+    public void delete( DeleteOperationContext deleteContext ) throws LdapException
     {
         LOG.debug( ">>> Entering into the Administrative Interceptor, delRequest" );
         Entry entry = deleteContext.getEntry();
@@ -1253,7 +1253,7 @@ public class AdministrativePointIntercep
         if ( adminPoint == null )
         {
             // Nope, go on.
-            next.delete( deleteContext );
+            next( deleteContext );
 
             LOG.debug( "Exit from Administrative Interceptor" );
 
@@ -1278,7 +1278,7 @@ public class AdministrativePointIntercep
         }
 
         // Ok, we can remove the AP
-        next.delete( deleteContext );
+        next( deleteContext );
 
         // Now, update the AdminPoint cache
         deleteAdminPointCache( adminPoint, deleteContext );

Propchange: directory/apacheds/branches/apacheds-txns/interceptors/authn/
------------------------------------------------------------------------------
    svn:mergeinfo = /directory/apacheds/trunk/interceptors/authn:1183435-1200383

Modified: directory/apacheds/branches/apacheds-txns/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java?rev=1200408&r1=1200407&r2=1200408&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java (original)
+++ directory/apacheds/branches/apacheds-txns/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/AuthenticationInterceptor.java Thu Nov 10 16:21:12 2011
@@ -115,7 +115,7 @@ public class AuthenticationInterceptor e
 
     /** A Set of all the existing Authenticator to be used by the bind operation */
     private Set<Authenticator> authenticators = new HashSet<Authenticator>();
-    
+
     /** A map of authenticators associated with the authentication level required */
     private final Map<AuthenticationLevel, Collection<Authenticator>> authenticatorsMapByType = new HashMap<AuthenticationLevel, Collection<Authenticator>>();
 
@@ -146,6 +146,7 @@ public class AuthenticationInterceptor e
 
 
     /**
+<<<<<<< .working
      * the set of interceptors we should *not* go through when pwdpolicy state information is being updated
      */
     private static final Collection<String> BYPASS_INTERCEPTORS;
@@ -170,6 +171,8 @@ public class AuthenticationInterceptor e
 
 
     /**
+=======
+>>>>>>> .merge-right.r1200383
      * Creates an authentication service interceptor.
      */
     public AuthenticationInterceptor()
@@ -191,7 +194,7 @@ public class AuthenticationInterceptor e
         {
             setDefaultAuthenticators();
         }
-        
+
         // Register all authenticators
         for ( Authenticator authenticator : authenticators )
         {
@@ -211,7 +214,7 @@ public class AuthenticationInterceptor e
         {
             authenticators = new HashSet<Authenticator>();
         }
-        
+
         authenticators.clear();
         authenticators.add( new AnonymousAuthenticator() );
         authenticators.add( new SimpleAuthenticator() );
@@ -250,16 +253,16 @@ public class AuthenticationInterceptor e
         {
             throw new IllegalArgumentException( "The given authenticators set is null" );
         }
-        
+
         this.authenticators.clear();
 
-        for (Authenticator authenticator : authenticators) 
+        for (Authenticator authenticator : authenticators)
         {
             this.authenticators.add( authenticator );
         }
     }
-    
-    
+
+
     /**
      * Deinitializes and deregisters all {@link Authenticator}s from this service.
      */
@@ -330,14 +333,14 @@ public class AuthenticationInterceptor e
         checkAuthenticated( addContext );
 
         Entry entry = addContext.getEntry();
-        
-        
+
+
         if ( !directoryService.isPwdPolicyEnabled() )
         {
             next.add( addContext );
             return;
         }
-        
+
         PasswordPolicyConfiguration policyConfig = getPwdPolicy( entry );
 
         boolean isPPolicyReqCtrlPresent = addContext.hasRequestControl( PasswordPolicy.OID );
@@ -359,7 +362,7 @@ public class AuthenticationInterceptor e
             {
                 if ( isPPolicyReqCtrlPresent )
                 {
-                    PasswordPolicyDecorator responseControl = 
+                    PasswordPolicyDecorator responseControl =
                         new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
                     responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.get( e.getErrorCode() ) );
                     addContext.addResponseControl( responseControl );
@@ -370,6 +373,7 @@ public class AuthenticationInterceptor e
             }
 
             String pwdChangedTime = DateUtils.getGeneralizedTime();
+
             if ( ( policyConfig.getPwdMinAge() > 0 ) || ( policyConfig.getPwdMaxAge() > 0 ) )
             {
                 Attribute pwdChangedTimeAt = new DefaultAttribute( AT_PWD_CHANGED_TIME );
@@ -397,7 +401,7 @@ public class AuthenticationInterceptor e
     }
 
 
-    public void delete( NextInterceptor next, DeleteOperationContext deleteContext ) throws LdapException
+    public void delete( DeleteOperationContext deleteContext ) throws LdapException
     {
         if ( IS_DEBUG )
         {
@@ -406,12 +410,15 @@ public class AuthenticationInterceptor e
 
         checkAuthenticated( deleteContext );
         checkPwdReset( deleteContext );
-        next.delete( deleteContext );
+        next( deleteContext );
         invalidateAuthenticatorCaches( deleteContext.getDn() );
     }
 
 
-    public Entry getRootDSE( NextInterceptor next, GetRootDSEOperationContext getRootDseContext ) throws LdapException
+    /**
+     * {@inheritDoc}
+     */
+    public Entry getRootDSE( GetRootDSEOperationContext getRootDseContext ) throws LdapException
     {
         if ( IS_DEBUG )
         {
@@ -420,11 +427,15 @@ public class AuthenticationInterceptor e
 
         checkAuthenticated( getRootDseContext );
         checkPwdReset( getRootDseContext );
-        return next.getRootDSE( getRootDseContext );
+
+        return next( getRootDseContext );
     }
 
 
-    public boolean hasEntry( NextInterceptor next, EntryOperationContext hasEntryContext ) throws LdapException
+    /**
+     * {@inheritDoc}
+     */
+    public boolean hasEntry( EntryOperationContext hasEntryContext ) throws LdapException
     {
         if ( IS_DEBUG )
         {
@@ -433,11 +444,15 @@ public class AuthenticationInterceptor e
 
         checkAuthenticated( hasEntryContext );
         checkPwdReset( hasEntryContext );
-        return next.hasEntry( hasEntryContext );
+
+        return next( hasEntryContext );
     }
 
 
-    public EntryFilteringCursor list( NextInterceptor next, ListOperationContext listContext ) throws LdapException
+    /**
+     * {@inheritDoc}
+     */
+    public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
     {
         if ( IS_DEBUG )
         {
@@ -446,11 +461,12 @@ public class AuthenticationInterceptor e
 
         checkAuthenticated( listContext );
         checkPwdReset( listContext );
-        return next.list( listContext );
+
+        return next( listContext );
     }
 
 
-    public Entry lookup( NextInterceptor next, LookupOperationContext lookupContext ) throws LdapException
+    public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
     {
         if ( IS_DEBUG )
         {
@@ -459,8 +475,8 @@ public class AuthenticationInterceptor e
 
         checkAuthenticated( lookupContext );
         checkPwdReset( lookupContext );
-        
-        return next.lookup( lookupContext );
+
+        return next( lookupContext );
     }
 
 
@@ -488,7 +504,7 @@ public class AuthenticationInterceptor e
 
         checkAuthenticated( modifyContext );
 
-        
+
         if ( ! directoryService.isPwdPolicyEnabled() )
         {
             next.modify( modifyContext );
@@ -498,12 +514,12 @@ public class AuthenticationInterceptor e
 
         // handle the case where pwdPolicySubentry AT is about to be deleted in thid modify()
         PasswordPolicyConfiguration policyConfig = getPwdPolicy( modifyContext.getEntry() );
-        
+
         boolean isPPolicyReqCtrlPresent = modifyContext.hasRequestControl( PasswordPolicy.OID );
         Dn userDn = modifyContext.getSession().getAuthenticatedPrincipal().getDn();
 
         PwdModDetailsHolder pwdModDetails = null;
-        
+
         pwdModDetails = getPwdModDetails( modifyContext, policyConfig );
 
         if ( pwdModDetails.isPwdModPresent() )
@@ -514,7 +530,7 @@ public class AuthenticationInterceptor e
                 {
                     if ( isPPolicyReqCtrlPresent )
                     {
-                        PasswordPolicyDecorator responseControl = 
+                        PasswordPolicyDecorator responseControl =
                             new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
                         responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.CHANGE_AFTER_RESET );
                         modifyContext.addResponseControl( responseControl );
@@ -529,10 +545,10 @@ public class AuthenticationInterceptor e
                 if ( pwdModDetails.isAddOrReplace() && !pwdModDetails.isDelete() )
                 {
                     LOG.debug( "trying to update password attribute without the supplying the old password" );
-                    
+
                     if ( isPPolicyReqCtrlPresent )
                     {
-                        PasswordPolicyDecorator responseControl = 
+                        PasswordPolicyDecorator responseControl =
                             new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
                         responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.MUST_SUPPLY_OLD_PASSWORD );
                         modifyContext.addResponseControl( responseControl );
@@ -546,7 +562,7 @@ public class AuthenticationInterceptor e
             {
                 if ( isPPolicyReqCtrlPresent )
                 {
-                    PasswordPolicyDecorator responseControl = 
+                    PasswordPolicyDecorator responseControl =
                         new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
                     responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.PASSWORD_MOD_NOT_ALLOWED );
                     modifyContext.addResponseControl( responseControl );
@@ -561,7 +577,7 @@ public class AuthenticationInterceptor e
             {
                 if ( isPPolicyReqCtrlPresent )
                 {
-                    PasswordPolicyDecorator responseControl = 
+                    PasswordPolicyDecorator responseControl =
                         new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
                     responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.PASSWORD_TOO_YOUNG );
                     modifyContext.addResponseControl( responseControl );
@@ -572,11 +588,11 @@ public class AuthenticationInterceptor e
             }
 
             byte[] newPassword = null;
-            
+
             if ( ( pwdModDetails != null ) )
             {
                 newPassword = pwdModDetails.getNewPwd();
-                
+
                 try
                 {
                     String userName = entry.getDn().getRdn().getUpValue().getString();
@@ -586,7 +602,7 @@ public class AuthenticationInterceptor e
                 {
                     if ( isPPolicyReqCtrlPresent )
                     {
-                        PasswordPolicyDecorator responseControl = 
+                        PasswordPolicyDecorator responseControl =
                             new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
                         responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.get( e.getErrorCode() ) );
                         modifyContext.addResponseControl( responseControl );
@@ -605,12 +621,12 @@ public class AuthenticationInterceptor e
             if ( histSize > 0 )
             {
                 Attribute pwdHistoryAt = entry.get( PWD_HISTORY_AT );
-                
+
                 if ( pwdHistoryAt == null )
                 {
                     pwdHistoryAt = new DefaultAttribute( AT_PWD_HISTORY );
                 }
-                
+
                 List<PasswordHistory> pwdHistLst = new ArrayList<PasswordHistory>();
 
                 for ( Value<?> value : pwdHistoryAt  )
@@ -623,7 +639,7 @@ public class AuthenticationInterceptor e
                     {
                         if ( isPPolicyReqCtrlPresent )
                         {
-                            PasswordPolicyDecorator responseControl = 
+                            PasswordPolicyDecorator responseControl =
                                 new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
                             responseControl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.PASSWORD_IN_HISTORY );
                             modifyContext.addResponseControl( responseControl );
@@ -640,14 +656,14 @@ public class AuthenticationInterceptor e
                 {
                     // see the javadoc of PasswordHistory
                     Collections.sort( pwdHistLst );
-                   
+
                     // remove the oldest value
                     PasswordHistory remPwdHist = ( PasswordHistory ) pwdHistLst.toArray()[histSize - 1];
                     Attribute tempAt = new DefaultAttribute( AT_PWD_HISTORY );
                     tempAt.add( remPwdHist.getHistoryValue() );
                     pwdRemHistMod = new DefaultModification( REMOVE_ATTRIBUTE, tempAt );
                 }
-                
+
                 pwdHistoryAt.clear();
                 PasswordHistory newPwdHist = new PasswordHistory( pwdChangedTime, newPassword );
                 pwdHistoryAt.clear();
@@ -656,11 +672,11 @@ public class AuthenticationInterceptor e
             }
 
             next.modify( modifyContext );
-            
+
             invalidateAuthenticatorCaches( modifyContext.getDn() );
 
             List<Modification> mods = new ArrayList<Modification>();
-            
+
             if ( ( policyConfig.getPwdMinAge() > 0 ) || ( policyConfig.getPwdMaxAge() > 0 ) )
             {
                 Attribute pwdChangedTimeAt = new DefaultAttribute( AT_PWD_CHANGED_TIME );
@@ -680,7 +696,7 @@ public class AuthenticationInterceptor e
             }
 
             boolean removeFromPwdResetSet = false;
-            
+
             if ( policyConfig.isPwdMustChange() )
             {
                 Attribute pwdMustChangeAt = new DefaultAttribute( AT_PWD_RESET );
@@ -701,14 +717,14 @@ public class AuthenticationInterceptor e
             }
 
             Attribute pwdFailureTimeAt = entry.get( PWD_FAILURE_TIME_AT );
-            
+
             if ( pwdFailureTimeAt != null )
             {
                 mods.add( new DefaultModification( REMOVE_ATTRIBUTE, pwdFailureTimeAt ) );
             }
 
             Attribute pwdGraceUseTimeAt = entry.get( PWD_GRACE_USE_TIME_AT );
-            
+
             if ( pwdGraceUseTimeAt != null )
             {
                 mods.add( new DefaultModification( REMOVE_ATTRIBUTE, pwdGraceUseTimeAt ) );
@@ -746,7 +762,7 @@ public class AuthenticationInterceptor e
     /**
      * {@inheritDoc}
      */
-    public boolean compare( NextInterceptor next, CompareOperationContext compareContext ) throws LdapException
+    public boolean compare( CompareOperationContext compareContext ) throws LdapException
     {
         if ( IS_DEBUG )
         {
@@ -755,7 +771,7 @@ public class AuthenticationInterceptor e
 
         checkAuthenticated( compareContext );
         checkPwdReset( compareContext );
-        boolean result = next.compare( compareContext );
+        boolean result = next( compareContext );
         invalidateAuthenticatorCaches( compareContext.getDn() );
 
         return result;
@@ -764,7 +780,7 @@ public class AuthenticationInterceptor e
 
     public void moveAndRename( NextInterceptor next, MoveAndRenameOperationContext moveAndRenameContext )
         throws LdapException
-    {
+        {
         if ( IS_DEBUG )
         {
             LOG.debug( "Operation Context: {}", moveAndRenameContext );
@@ -774,7 +790,7 @@ public class AuthenticationInterceptor e
         checkPwdReset( moveAndRenameContext );
         next.moveAndRename( moveAndRenameContext );
         invalidateAuthenticatorCaches( moveAndRenameContext.getDn() );
-    }
+        }
 
 
     /**
@@ -796,7 +812,7 @@ public class AuthenticationInterceptor e
 
     public EntryFilteringCursor search( NextInterceptor next, SearchOperationContext searchContext )
         throws LdapException
-    {
+        {
         if ( IS_DEBUG )
         {
             LOG.debug( "Operation Context: {}", searchContext );
@@ -804,8 +820,9 @@ public class AuthenticationInterceptor e
 
         checkAuthenticated( searchContext );
         checkPwdReset( searchContext );
+
         return next.search( searchContext );
-    }
+        }
 
 
     /**
@@ -826,7 +843,7 @@ public class AuthenticationInterceptor e
     }
 
 
-    public void bind( NextInterceptor next, BindOperationContext bindContext ) throws LdapException
+    public void bind( BindOperationContext bindContext ) throws LdapException
     {
         if ( IS_DEBUG )
         {
@@ -858,7 +875,7 @@ public class AuthenticationInterceptor e
             LOG.debug( "No authenticators found, delegating bind to the nexus." );
 
             // as a last resort try binding via the nexus
-            next.bind( bindContext );
+            next( bindContext );
 
             LOG.debug( "Nexus succeeded on bind operation." );
 
@@ -874,7 +891,7 @@ public class AuthenticationInterceptor e
         }
 
         boolean isPPolicyReqCtrlPresent = bindContext.hasRequestControl( PasswordPolicy.OID );
-        PasswordPolicyDecorator pwdRespCtrl = 
+        PasswordPolicyDecorator pwdRespCtrl =
             new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
 
         boolean authenticated = false;
@@ -888,7 +905,7 @@ public class AuthenticationInterceptor e
             {
                 // perform the authentication
                 LdapPrincipal principal = authenticator.authenticate( bindContext );
-                
+
                 LdapPrincipal clonedPrincipal = ( LdapPrincipal ) ( principal.clone() );
 
                 // remove creds so there is no security risk
@@ -900,7 +917,7 @@ public class AuthenticationInterceptor e
                 bindContext.setSession( session );
 
                 authenticated = true;
-                
+
                 // break out of the loop if the authentication succeeded
                 break;
             }
@@ -940,12 +957,12 @@ public class AuthenticationInterceptor e
 
         Dn dn = bindContext.getDn();
         Entry userEntry = bindContext.getEntry();
-        
+
         PasswordPolicyConfiguration policyConfig = getPwdPolicy( userEntry );
-        
+
         // check if the user entry is null, it will be null
         // in cases of anonymous bind
-        if ( authenticated && ( userEntry == null ) && directoryService.isAllowAnonymousAccess() ) 
+        if ( authenticated && ( userEntry == null ) && directoryService.isAllowAnonymousAccess() )
         {
             return;
         }
@@ -960,6 +977,7 @@ public class AuthenticationInterceptor e
             if ( ( policyConfig != null ) && ( userEntry != null ) )
             {
                 Attribute pwdFailTimeAt = userEntry.get( PWD_FAILURE_TIME_AT );
+
                 if ( pwdFailTimeAt == null )
                 {
                     pwdFailTimeAt = new DefaultAttribute( AT_PWD_FAILURE_TIME );
@@ -991,7 +1009,7 @@ public class AuthenticationInterceptor e
                     {
                         pwdAccountLockedTimeAt.add( failureTime );
                     }
-                    
+
                     Modification pwdAccountLockedMod = new DefaultModification( ADD_ATTRIBUTE, pwdAccountLockedTimeAt );
                     mods.add( pwdAccountLockedMod );
 
@@ -1020,10 +1038,9 @@ public class AuthenticationInterceptor e
 
                 //adminSession.modify( dn, Collections.singletonList( pwdFailTimeMod ) );
                 ModifyOperationContext bindModCtx = new ModifyOperationContext( adminSession );
-                bindModCtx.setByPassed( BYPASS_INTERCEPTORS );
                 bindModCtx.setDn( dn );
                 bindModCtx.setModItems( mods );
-                directoryService.getOperationManager().modify( bindModCtx );
+                directoryService.getPartitionNexus().modify( bindModCtx );
             }
 
             String upDn = ( dn == null ? "" : dn.getName() );
@@ -1042,6 +1059,7 @@ public class AuthenticationInterceptor e
             }
 
             Attribute pwdFailTimeAt = userEntry.get( AT_PWD_FAILURE_TIME );
+
             if ( pwdFailTimeAt != null )
             {
                 Modification pwdFailTimeMod = new DefaultModification( REMOVE_ATTRIBUTE, pwdFailTimeAt );
@@ -1049,6 +1067,7 @@ public class AuthenticationInterceptor e
             }
 
             Attribute pwdAccLockedTimeAt = userEntry.get( AT_PWD_ACCOUNT_LOCKED_TIME );
+
             if ( pwdAccLockedTimeAt != null )
             {
                 Modification pwdAccLockedTimeMod = new DefaultModification( REMOVE_ATTRIBUTE, pwdAccLockedTimeAt );
@@ -1059,17 +1078,17 @@ public class AuthenticationInterceptor e
             if ( ( policyConfig.getPwdMaxAge() > 0 ) && ( policyConfig.getPwdGraceAuthNLimit() > 0 ) )
             {
                 Attribute pwdChangeTimeAttr = userEntry.get( PWD_CHANGED_TIME_AT );
-                
+
                 if ( pwdChangeTimeAttr != null )
                 {
                     boolean expired = PasswordUtil.isPwdExpired( pwdChangeTimeAttr.getString(),
                         policyConfig.getPwdMaxAge() );
-                    
+
                     if ( expired )
                     {
                         Attribute pwdGraceUseAttr = userEntry.get( PWD_GRACE_USE_TIME_AT );
                         int numGraceAuth = 0;
-                        
+
                         if ( pwdGraceUseAttr != null )
                         {
                             numGraceAuth = policyConfig.getPwdGraceAuthNLimit() - ( pwdGraceUseAttr.size() + 1 );
@@ -1079,7 +1098,7 @@ public class AuthenticationInterceptor e
                             pwdGraceUseAttr = new DefaultAttribute( AT_PWD_GRACE_USE_TIME );
                             numGraceAuth = policyConfig.getPwdGraceAuthNLimit() - 1;
                         }
-                        
+
                         pwdRespCtrl.getResponse().setGraceAuthNsRemaining( numGraceAuth );
 
                         pwdGraceUseAttr.add( DateUtils.getGeneralizedTime() );
@@ -1093,16 +1112,15 @@ public class AuthenticationInterceptor e
             {
                 //adminSession.modify( dn, mods );
                 ModifyOperationContext bindModCtx = new ModifyOperationContext( adminSession );
-                bindModCtx.setByPassed( BYPASS_INTERCEPTORS );
                 bindModCtx.setDn( dn );
                 bindModCtx.setModItems( mods );
-                directoryService.getOperationManager().modify( bindModCtx );
+                directoryService.getPartitionNexus().modify( bindModCtx );
             }
 
             if ( isPPolicyReqCtrlPresent )
             {
                 int expiryWarnTime = getPwdTimeBeforeExpiry( userEntry, policyConfig );
-                
+
                 if ( expiryWarnTime > 0 )
                 {
                     pwdRespCtrl.getResponse().setTimeBeforeExpiration( expiryWarnTime );
@@ -1121,9 +1139,9 @@ public class AuthenticationInterceptor e
 
 
     @Override
-    public void unbind( NextInterceptor next, UnbindOperationContext unbindContext ) throws LdapException
+    public void unbind( UnbindOperationContext unbindContext ) throws LdapException
     {
-        super.unbind( next, unbindContext );
+        next( unbindContext );
 
         // remove the Dn from the password reset Set
         // we do not perform a check to see if the reset flag in the associated ppolicy is enabled
@@ -1197,10 +1215,10 @@ public class AuthenticationInterceptor e
         }
 
         String strPassword = Strings.utf8ToString(password);
-        
+
         // perform the length validation
         validatePasswordLength( strPassword, policyConfig );
-        
+
         policyConfig.getPwdValidator().validate( strPassword, username );
     }
 
@@ -1243,7 +1261,7 @@ public class AuthenticationInterceptor e
         }
 
         int warningAge = policyConfig.getPwdExpireWarning();
-        
+
         if ( warningAge <= 0 )
         {
             return 0;
@@ -1254,14 +1272,14 @@ public class AuthenticationInterceptor e
 
         long currentTime = DateUtils.getDate( DateUtils.getGeneralizedTime() ).getTime();
         int pwdAge = ( int ) ( currentTime - changedTime ) / 1000;
-        
+
         if ( pwdAge > policyConfig.getPwdMaxAge() )
         {
             return 0;
         }
 
         warningAge = policyConfig.getPwdMaxAge() - warningAge;
-        
+
         if ( pwdAge >= warningAge )
         {
             return policyConfig.getPwdMaxAge() - pwdAge;
@@ -1286,14 +1304,14 @@ public class AuthenticationInterceptor e
         }
 
         Attribute pwdChangedTimeAt = userEntry.get( PWD_CHANGED_TIME_AT );
-        
+
         if ( pwdChangedTimeAt != null )
         {
             long changedTime = DateUtils.getDate( pwdChangedTimeAt.getString() ).getTime();
             changedTime += policyConfig.getPwdMinAge() * 1000;
-        
+
             long currentTime = DateUtils.getDate( DateUtils.getGeneralizedTime() ).getTime();
-            
+
             if ( changedTime > currentTime )
             {
                 return true;
@@ -1316,6 +1334,7 @@ public class AuthenticationInterceptor e
         boolean mustChange = false;
 
         Attribute pwdResetAt = userEntry.get( PWD_RESET_AT );
+
         if ( pwdResetAt != null )
         {
             mustChange = Boolean.parseBoolean( pwdResetAt.getString() );
@@ -1330,6 +1349,7 @@ public class AuthenticationInterceptor e
         PwdModDetailsHolder pwdModDetails = new PwdModDetailsHolder();
 
         List<Modification> mods = modifyContext.getModItems();
+
         for ( Modification m : mods )
         {
             Attribute at = m.getAttribute();
@@ -1380,7 +1400,7 @@ public class AuthenticationInterceptor e
                     .hasRequestControl( PasswordPolicy.OID );
                 if ( isPPolicyReqCtrlPresent )
                 {
-                    PasswordPolicyDecorator pwdRespCtrl = 
+                    PasswordPolicyDecorator pwdRespCtrl =
                         new PasswordPolicyDecorator( directoryService.getLdapCodecService(), true );
                     pwdRespCtrl.getResponse().setPasswordPolicyError( PasswordPolicyErrorEnum.CHANGE_AFTER_RESET );
                     opContext.addResponseControl( pwdRespCtrl );
@@ -1391,7 +1411,7 @@ public class AuthenticationInterceptor e
         }
     }
 
-    
+
     private static class PwdModDetailsHolder
     {
         private boolean pwdModPresent = false;
@@ -1464,10 +1484,10 @@ public class AuthenticationInterceptor e
             this.newPwd = newPwd;
         }
     }
-    
+
 
     /**
-     * Gets the effective password policy of the given entry. 
+     * Gets the effective password policy of the given entry.
      * If the entry has defined a custom password policy by setting "pwdPolicySubentry" attribute
      * then the password policy associated with the Dn specified at the above attribute's value will be returned.
      * Otherwise the default password policy will be returned (if present)
@@ -1482,27 +1502,27 @@ public class AuthenticationInterceptor e
         {
             return null;
         }
-        
+
         if ( pwdPolicyContainer.hasCustomConfigs() )
         {
             Attribute pwdPolicySubentry = userEntry.get( pwdPolicySubentryAT );
-            
+
             if ( pwdPolicySubentry != null )
             {
                 Dn configDn = adminSession.getDirectoryService().getDnFactory().create( pwdPolicySubentry.getString() );
-                
+
                 return pwdPolicyContainer.getPolicyConfig( configDn );
             }
         }
-        
+
         return pwdPolicyContainer.getDefaultPolicy();
     }
-    
-    
+
+
     /**
      * set all the password policies to be used by the server.
      * This includes a default(i.e applicable to all entries) and custom(a.k.a per user) password policies
-     *  
+     * 
      * @param policyContainer the container holding all the password policies
      */
     public void setPwdPolicies( PpolicyConfigContainer policyContainer )
@@ -1516,8 +1536,8 @@ public class AuthenticationInterceptor e
      */
     public boolean isPwdPolicyEnabled()
     {
-        return ( ( pwdPolicyContainer != null ) 
-                && ( ( pwdPolicyContainer.getDefaultPolicy() != null ) 
+        return ( ( pwdPolicyContainer != null )
+            && ( ( pwdPolicyContainer.getDefaultPolicy() != null )
                 || ( pwdPolicyContainer.hasCustomConfigs() ) ) );
     }
 

Modified: directory/apacheds/branches/apacheds-txns/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java?rev=1200408&r1=1200407&r2=1200408&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java (original)
+++ directory/apacheds/branches/apacheds-txns/interceptors/authn/src/main/java/org/apache/directory/server/core/authn/SimpleAuthenticator.java Thu Nov 10 16:21:12 2011
@@ -91,31 +91,6 @@ public class SimpleAuthenticator extends
     private static final int DEFAULT_CACHE_SIZE = 100;
 
     /**
-     * Define the interceptors we should *not* go through when we will have to request the backend
-     * about a userPassword.
-     */
-    private static final Collection<String> USERLOOKUP_BYPASS;
-
-    static
-    {
-        Set<String> c = new HashSet<String>();
-        c.add( "NormalizationInterceptor" );
-        c.add( "AuthenticationInterceptor" );
-        c.add( "AciAuthorizationInterceptor" );
-        c.add( "DefaultAuthorizationInterceptor" );
-        c.add( "AdministrativePointInterceptor" );
-        c.add( "ExceptionInterceptor" );
-        c.add( "OperationalAttributeInterceptor" );
-        c.add( "SchemaInterceptor" );
-        c.add( "CollectiveAttributeInterceptor" );
-        c.add( "SubentryInterceptor" );
-        c.add( "EventInterceptor" );
-        c.add( "TriggerInterceptor" );
-        USERLOOKUP_BYPASS = Collections.unmodifiableCollection( c );
-    }
-
-
-    /**
      * Creates a new instance.
      * @see AbstractAuthenticator
      */
@@ -265,12 +240,11 @@ public class SimpleAuthenticator extends
              */
             LookupOperationContext lookupContext = new LookupOperationContext( getDirectoryService().getAdminSession(),
                 bindContext.getDn() );
-            lookupContext.setByPassed( USERLOOKUP_BYPASS );
             lookupContext.addAttrsId( SchemaConstants.ALL_USER_ATTRIBUTES );
             // OP attributes required for ppolicy
             lookupContext.addAttrsId( SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES );
             
-            userEntry = getDirectoryService().getOperationManager().lookup( lookupContext );
+            userEntry = getDirectoryService().getPartitionNexus().lookup( lookupContext );
 
             if ( userEntry == null )
             {

Propchange: directory/apacheds/branches/apacheds-txns/interceptors/authz/
------------------------------------------------------------------------------
    svn:mergeinfo = /directory/apacheds/trunk/interceptors/authz:1183435-1200383

Modified: directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java?rev=1200408&r1=1200407&r2=1200408&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java (original)
+++ directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java Thu Nov 10 16:21:12 2011
@@ -41,7 +41,6 @@ import org.apache.directory.server.core.
 import org.apache.directory.server.core.api.filtering.EntryFilter;
 import org.apache.directory.server.core.api.filtering.EntryFilteringCursor;
 import org.apache.directory.server.core.api.interceptor.BaseInterceptor;
-import org.apache.directory.server.core.api.interceptor.InterceptorChain;
 import org.apache.directory.server.core.api.interceptor.NextInterceptor;
 import org.apache.directory.server.core.api.interceptor.context.AddOperationContext;
 import org.apache.directory.server.core.api.interceptor.context.CompareOperationContext;
@@ -56,7 +55,6 @@ import org.apache.directory.server.core.
 import org.apache.directory.server.core.api.interceptor.context.RenameOperationContext;
 import org.apache.directory.server.core.api.interceptor.context.SearchOperationContext;
 import org.apache.directory.server.core.api.interceptor.context.SearchingOperationContext;
-import org.apache.directory.server.core.api.partition.ByPassConstants;
 import org.apache.directory.server.core.api.partition.PartitionNexus;
 import org.apache.directory.server.core.authz.support.ACDFEngine;
 import org.apache.directory.server.core.authz.support.AciContext;
@@ -160,9 +158,6 @@ public class AciAuthorizationInterceptor
     /** use and instance of the ACDF engine */
     private ACDFEngine engine;
 
-    /** interceptor chain */
-    private InterceptorChain chain;
-
     /** the system wide subschemaSubentryDn */
     private String subschemaSubentryDn;
 
@@ -170,7 +165,7 @@ public class AciAuthorizationInterceptor
     private PartitionNexus nexus;
 
     public static final SearchControls DEFAULT_SEARCH_CONTROLS = new SearchControls();
-    
+
     /** The SubentryUtils instance */
     private static SubentryUtils subentryUtils;
 
@@ -189,7 +184,7 @@ public class AciAuthorizationInterceptor
             { SchemaConstants.PRESCRIPTIVE_ACI_AT } );
 
         ExprNode filter =
-                new EqualityNode<String>( OBJECT_CLASS_AT, new StringValue( SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC ) );
+            new EqualityNode<String>( OBJECT_CLASS_AT, new StringValue( SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC ) );
 
         CoreSession adminSession = new DefaultCoreSession( new LdapPrincipal( schemaManager, adminDn, AuthenticationLevel.STRONG ),
             directoryService );
@@ -283,7 +278,6 @@ public class AciAuthorizationInterceptor
         Dn adminDn = directoryService.getDnFactory().create( ServerDNConstants.ADMIN_SYSTEM_DN );
         CoreSession adminSession = new DefaultCoreSession( new LdapPrincipal( schemaManager, adminDn, AuthenticationLevel.STRONG ),
             directoryService );
-        chain = directoryService.getInterceptorChain();
 
         // Create the caches
         tupleCache = new TupleCache( adminSession );
@@ -302,15 +296,15 @@ public class AciAuthorizationInterceptor
         // Init the caches now
         initTupleCache();
         initGroupCache();
-        
+
         // Init the SubentryUtils instance
         subentryUtils = new SubentryUtils( directoryService );
     }
 
 
-    private void protectCriticalEntries( Dn dn ) throws LdapException
+    private void protectCriticalEntries( OperationContext opCtx, Dn dn ) throws LdapException
     {
-        Dn principalDn = getPrincipal().getDn();
+        Dn principalDn = getPrincipal( opCtx ).getDn();
 
         if ( dn.isEmpty() )
         {
@@ -342,8 +336,7 @@ public class AciAuthorizationInterceptor
      * @throws Exception if there are problems accessing attribute values
      * @param proxy the partition nexus proxy object
      */
-    private void addPerscriptiveAciTuples( OperationContext opContext, Collection<ACITuple> tuples, Dn dn, Entry entry )
-        throws LdapException
+    private void addPerscriptiveAciTuples( OperationContext opContext, Collection<ACITuple> tuples, Dn dn, Entry entry ) throws LdapException
     {
         Entry originalEntry = null;
 
@@ -370,7 +363,11 @@ public class AciAuthorizationInterceptor
         if ( oc.contains( SchemaConstants.SUBENTRY_OC ) )
         {
             Dn parentDn = dn.getParent();
-            originalEntry = opContext.lookup( parentDn, ByPassConstants.LOOKUP_BYPASS, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+            CoreSession session = opContext.getSession();
+            LookupOperationContext lookupContext = new LookupOperationContext( session, parentDn );
+            lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+
+            originalEntry = directoryService.getPartitionNexus().lookup( lookupContext );
         }
 
         Attribute subentries = originalEntry.get( ACCESS_CONTROL_SUBENTRIES_AT );
@@ -436,8 +433,7 @@ public class AciAuthorizationInterceptor
      * @throws Exception if there are problems accessing attribute values
      * @param proxy the partition nexus proxy object
      */
-    private void addSubentryAciTuples( OperationContext opContext, Collection<ACITuple> tuples, Dn dn, Entry entry )
-        throws LdapException
+    private void addSubentryAciTuples( OperationContext opContext, Collection<ACITuple> tuples, Dn dn, Entry entry ) throws LdapException
     {
         // only perform this for subentries
         if ( !entry.contains( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.SUBENTRY_OC ) )
@@ -448,7 +444,11 @@ public class AciAuthorizationInterceptor
         // get the parent or administrative entry for this subentry since it
         // will contain the subentryACI attributes that effect subentries
         Dn parentDn = dn.getParent();
-        Entry administrativeEntry = ( ( ClonedServerEntry ) opContext.lookup( parentDn, ByPassConstants.LOOKUP_BYPASS, SchemaConstants.ALL_ATTRIBUTES_ARRAY ) )
+
+        CoreSession session = opContext.getSession();
+        LookupOperationContext lookupContext = new LookupOperationContext( session, parentDn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+
+        Entry administrativeEntry = (( ClonedServerEntry ) directoryService.getPartitionNexus().lookup( lookupContext ) )
             .getOriginalEntry();
 
         Attribute subentryAci = administrativeEntry.get( SUBENTRY_ACI_AT );
@@ -503,7 +503,7 @@ public class AciAuthorizationInterceptor
     public void add( NextInterceptor next, AddOperationContext addContext ) throws LdapException
     {
         // bypass authz code if it was disabled
-        if ( !addContext.getSession().getDirectoryService().isAccessControlEnabled() )
+        if ( !directoryService.isAccessControlEnabled() )
         {
             ACI_LOG.debug( "ACI interceptor disabled" );
             next.add( addContext );
@@ -596,14 +596,14 @@ public class AciAuthorizationInterceptor
     }
 
 
-    public void delete( NextInterceptor next, DeleteOperationContext deleteContext ) throws LdapException
+    public void delete( DeleteOperationContext deleteContext ) throws LdapException
     {
         CoreSession session = deleteContext.getSession();
 
         // bypass authz code if we are disabled
-        if ( !session.getDirectoryService().isAccessControlEnabled() )
+        if ( !directoryService.isAccessControlEnabled() )
         {
-            next.delete( deleteContext );
+            next( deleteContext );
             return;
         }
 
@@ -613,12 +613,12 @@ public class AciAuthorizationInterceptor
 
         Entry entry = deleteContext.getEntry();
 
-        protectCriticalEntries( dn );
+        protectCriticalEntries( deleteContext, dn );
 
         // bypass authz code but manage caches if operation is performed by the admin
         if ( isPrincipalAnAdministrator( principalDn ) )
         {
-            next.delete( deleteContext );
+            next( deleteContext );
 
             tupleCache.subentryDeleted( dn, entry );
             groupCache.groupDeleted( dn, entry );
@@ -643,7 +643,7 @@ public class AciAuthorizationInterceptor
 
         engine.checkPermission( aciContext );
 
-        next.delete( deleteContext );
+        next( deleteContext );
 
         tupleCache.subentryDeleted( dn, entry );
         groupCache.groupDeleted( dn, entry );
@@ -663,7 +663,7 @@ public class AciAuthorizationInterceptor
         Dn principalDn = principal.getDn();
 
         // bypass authz code if we are disabled
-        if ( !modifyContext.getSession().getDirectoryService().isAccessControlEnabled() )
+        if ( !directoryService.isAccessControlEnabled() )
         {
             next.modify( modifyContext );
             return;
@@ -679,9 +679,12 @@ public class AciAuthorizationInterceptor
             /**
              * @TODO: A virtual entry can be created here for not hitting the backend again.
              */
-            Entry modifiedEntry = modifyContext.lookup( dn, ByPassConstants.LOOKUP_BYPASS, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+            CoreSession session = modifyContext.getSession();
+            LookupOperationContext lookupContext = new LookupOperationContext( session, dn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+            Entry modifiedEntry = directoryService.getPartitionNexus().lookup( lookupContext );
             tupleCache.subentryModified( dn, mods, modifiedEntry );
             groupCache.groupModified( dn, mods, entry, schemaManager );
+
             return;
         }
 
@@ -801,22 +804,28 @@ public class AciAuthorizationInterceptor
         /**
          * @TODO: A virtual entry can be created here for not hitting the backend again.
          */
-        Entry modifiedEntry = modifyContext.lookup( dn, ByPassConstants.LOOKUP_BYPASS, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+        CoreSession session = modifyContext.getSession();
+        LookupOperationContext lookupContext = new LookupOperationContext( session, dn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+
+        Entry modifiedEntry = directoryService.getPartitionNexus().lookup( lookupContext );
         tupleCache.subentryModified( dn, mods, modifiedEntry );
         groupCache.groupModified( dn, mods, entry, schemaManager );
     }
 
 
-    public boolean hasEntry( NextInterceptor next, EntryOperationContext hasEntryContext ) throws LdapException
+    /**
+     * {@inheritDoc}
+     */
+    public boolean hasEntry( EntryOperationContext hasEntryContext ) throws LdapException
     {
         Dn dn = hasEntryContext.getDn();
 
-        if ( !hasEntryContext.getSession().getDirectoryService().isAccessControlEnabled() )
+        if ( !directoryService.isAccessControlEnabled() )
         {
-            return ( dn.isRootDSE() || next.hasEntry( hasEntryContext ) );
+            return ( dn.isRootDSE() || next( hasEntryContext ) );
         }
 
-        boolean answer = next.hasEntry( hasEntryContext );
+        boolean answer = next( hasEntryContext );
 
         // no checks on the RootDSE
         if ( dn.isRootDSE() )
@@ -826,8 +835,10 @@ public class AciAuthorizationInterceptor
             return answer;
         }
 
+        CoreSession session = hasEntryContext.getSession();
+
         // TODO - eventually replace this with a check on session.isAnAdministrator()
-        LdapPrincipal principal = hasEntryContext.getSession().getEffectivePrincipal();
+        LdapPrincipal principal = session.getEffectivePrincipal();
         Dn principalDn = principal.getDn();
 
         if ( isPrincipalAnAdministrator( principalDn ) )
@@ -835,7 +846,9 @@ public class AciAuthorizationInterceptor
             return answer;
         }
 
-        Entry entry = hasEntryContext.lookup( dn, ByPassConstants.HAS_ENTRY_BYPASS, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+        LookupOperationContext lookupContext = new LookupOperationContext( session, dn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+        Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
+
         Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
         Collection<ACITuple> tuples = new HashSet<ACITuple>();
         addPerscriptiveAciTuples( hasEntryContext, tuples, dn, entry );
@@ -854,7 +867,7 @@ public class AciAuthorizationInterceptor
 
         engine.checkPermission( aciContext );
 
-        return next.hasEntry( hasEntryContext );
+        return next( hasEntryContext );
     }
 
 
@@ -929,10 +942,9 @@ public class AciAuthorizationInterceptor
     /**
      * {@inheritDoc}
      */
-    public Entry lookup( NextInterceptor next, LookupOperationContext lookupContext ) throws LdapException
+    public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
     {
         CoreSession session = lookupContext.getSession();
-        DirectoryService directoryService = session.getDirectoryService();
 
         LdapPrincipal principal = session.getEffectivePrincipal();
         Dn principalDn = principal.getDn();
@@ -945,11 +957,10 @@ public class AciAuthorizationInterceptor
         // Bypass this interceptor if we disabled the AC subsystem or if the principal is the admin
         if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
         {
-            return next.lookup( lookupContext );
+            return next( lookupContext );
         }
 
-        lookupContext.setByPassed( ByPassConstants.LOOKUP_BYPASS );
-        Entry entry = directoryService.getOperationManager().lookup( lookupContext );
+        Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
 
         checkLookupAccess( lookupContext, entry );
 
@@ -972,13 +983,13 @@ public class AciAuthorizationInterceptor
         Dn newName = renameContext.getNewDn();
 
         // bypass authz code if we are disabled
-        if ( !renameContext.getSession().getDirectoryService().isAccessControlEnabled() )
+        if ( !directoryService.isAccessControlEnabled() )
         {
             next.rename( renameContext );
             return;
         }
 
-        protectCriticalEntries( oldName );
+        protectCriticalEntries( renameContext, oldName );
 
         // bypass authz code but manage caches if operation is performed by the admin
         if ( isPrincipalAnAdministrator( principalDn ) )
@@ -1015,25 +1026,25 @@ public class AciAuthorizationInterceptor
     }
 
 
-    public void moveAndRename( NextInterceptor next, MoveAndRenameOperationContext moveAndRenameContext )
-        throws LdapException
+    public void moveAndRename( NextInterceptor next, MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
     {
         Dn oldDn = moveAndRenameContext.getDn();
+        CoreSession session = moveAndRenameContext.getSession();
 
         Entry entry = moveAndRenameContext.getOriginalEntry();
 
-        LdapPrincipal principal = moveAndRenameContext.getSession().getEffectivePrincipal();
+        LdapPrincipal principal = session.getEffectivePrincipal();
         Dn principalDn = principal.getDn();
         Dn newDn = moveAndRenameContext.getNewDn();
 
         // bypass authz code if we are disabled
-        if ( !moveAndRenameContext.getSession().getDirectoryService().isAccessControlEnabled() )
+        if ( !directoryService.isAccessControlEnabled() )
         {
             next.moveAndRename( moveAndRenameContext );
             return;
         }
 
-        protectCriticalEntries( oldDn );
+        protectCriticalEntries( moveAndRenameContext, oldDn );
 
         // bypass authz code but manage caches if operation is performed by the admin
         if ( isPrincipalAnAdministrator( principalDn ) )
@@ -1041,6 +1052,7 @@ public class AciAuthorizationInterceptor
             next.moveAndRename( moveAndRenameContext );
             tupleCache.subentryRenamed( oldDn, newDn );
             groupCache.groupRenamed( oldDn, newDn );
+
             return;
         }
 
@@ -1067,8 +1079,8 @@ public class AciAuthorizationInterceptor
         // This will certainly be fixed by the SubentryInterceptor,
         // but after this service.
 
-        Entry importedEntry = moveAndRenameContext.lookup( oldDn,
-            ByPassConstants.LOOKUP_EXCLUDING_OPR_ATTRS_BYPASS, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+        LookupOperationContext lookupContext = new LookupOperationContext( session, oldDn, SchemaConstants.ALL_USER_ATTRIBUTES_ARRAY );
+        Entry importedEntry = directoryService.getPartitionNexus().lookup( lookupContext );
 
         // As the target entry does not exist yet and so
         // its subentry operational attributes are not there,
@@ -1114,20 +1126,21 @@ public class AciAuthorizationInterceptor
 
         // Access the principal requesting the operation, and bypass checks if it is the admin
         Entry entry = moveContext.getOriginalEntry();
+        CoreSession session = moveContext.getSession();
 
         Dn newDn = moveContext.getNewDn();
 
-        LdapPrincipal principal = moveContext.getSession().getEffectivePrincipal();
+        LdapPrincipal principal = session.getEffectivePrincipal();
         Dn principalDn = principal.getDn();
 
         // bypass authz code if we are disabled
-        if ( !moveContext.getSession().getDirectoryService().isAccessControlEnabled() )
+        if ( !directoryService.isAccessControlEnabled() )
         {
             next.move( moveContext );
             return;
         }
 
-        protectCriticalEntries( oriChildName );
+        protectCriticalEntries( moveContext, oriChildName );
 
         // bypass authz code but manage caches if operation is performed by the admin
         if ( isPrincipalAnAdministrator( principalDn ) )
@@ -1160,7 +1173,8 @@ public class AciAuthorizationInterceptor
         // will not be valid at the new location.
         // This will certainly be fixed by the SubentryInterceptor,
         // but after this service.
-        Entry importedEntry = moveContext.lookup( oriChildName, ByPassConstants.LOOKUP_EXCLUDING_OPR_ATTRS_BYPASS, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+        LookupOperationContext lookupContext = new LookupOperationContext( session, oriChildName, SchemaConstants.ALL_USER_ATTRIBUTES_ARRAY );
+        Entry importedEntry = directoryService.getPartitionNexus().lookup( lookupContext );
 
         // As the target entry does not exist yet and so
         // its subentry operational attributes are not there,
@@ -1197,19 +1211,23 @@ public class AciAuthorizationInterceptor
     }
 
 
-    public EntryFilteringCursor list( NextInterceptor next, ListOperationContext listContext ) throws LdapException
+    /**
+     * {@inheritDoc}
+     */
+    public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
     {
         LdapPrincipal user = listContext.getSession().getEffectivePrincipal();
-        EntryFilteringCursor cursor = next.list( listContext );
+        EntryFilteringCursor cursor = next( listContext );
 
         if ( isPrincipalAnAdministrator( user.getDn() )
-            || !listContext.getSession().getDirectoryService().isAccessControlEnabled() )
+            || !directoryService.isAccessControlEnabled() )
         {
             return cursor;
         }
 
         AuthorizationFilter authzFilter = new AuthorizationFilter();
         cursor.addEntryFilter( authzFilter );
+
         return cursor;
     }
 
@@ -1226,7 +1244,7 @@ public class AciAuthorizationInterceptor
             && searchCtls.getSearchScope() == SearchControls.OBJECT_SCOPE;
 
         if ( isPrincipalAnAdministrator( principalDn )
-            || !searchContext.getSession().getDirectoryService().isAccessControlEnabled() || isRootDSELookup
+            || !directoryService.isAccessControlEnabled() || isRootDSELookup
             || isSubschemaSubentryLookup )
         {
             return cursor;
@@ -1246,21 +1264,20 @@ public class AciAuthorizationInterceptor
     /**
      * {@inheritDoc}
      */
-    public boolean compare( NextInterceptor next, CompareOperationContext compareContext ) throws LdapException
+    public boolean compare( CompareOperationContext compareContext ) throws LdapException
     {
         CoreSession session = compareContext.getSession();
         Dn dn = compareContext.getDn();
         String oid = compareContext.getOid();
-        Value<?> value = compareContext.getValue();
 
         Entry entry = compareContext.getOriginalEntry();
 
         LdapPrincipal principal = session.getEffectivePrincipal();
         Dn principalDn = principal.getDn();
 
-        if ( isPrincipalAnAdministrator( principalDn ) || !session.getDirectoryService().isAccessControlEnabled() )
+        if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
         {
-            return next.compare( compareContext );
+            return next( compareContext );
         }
 
         Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
@@ -1294,7 +1311,7 @@ public class AciAuthorizationInterceptor
 
         engine.checkPermission( aciContext );
 
-        return next.compare( compareContext );
+        return next( compareContext );
     }
 
 
@@ -1407,7 +1424,7 @@ public class AciAuthorizationInterceptor
         return true;
     }
 
-    
+
     /**
      * WARNING: create one of these filters fresh every time for each new search.
      */
@@ -1416,7 +1433,7 @@ public class AciAuthorizationInterceptor
         public boolean accept( SearchingOperationContext searchContext, Entry entry ) throws Exception
         {
             Dn normName = entry.getDn().apply( schemaManager );
-            
+
             return filter( searchContext, normName, entry );
         }
     }



Mime
View raw message