directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1200870 [2/3] - in /directory/apacheds/trunk: interceptor-kerberos/src/main/java/org/apache/directory/server/core/kerberos/ interceptors/admin/src/main/java/org/apache/directory/server/core/admin/ interceptors/authn/src/main/java/org/apach...
Date Fri, 11 Nov 2011 13:15:40 GMT
Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java Fri Nov 11 13:15:39 2011
@@ -498,7 +498,9 @@ public class AciAuthorizationInterceptor
      * operation.
      * -------------------------------------------------------------------------------
      */
-
+    /**
+     * {@inheritDoc}
+     */
     public void add( AddOperationContext addContext ) throws LdapException
     {
         // bypass authz code if it was disabled
@@ -589,12 +591,63 @@ public class AciAuthorizationInterceptor
     }
 
 
-    private boolean isTheAdministrator( Dn normalizedDn )
+    /**
+     * {@inheritDoc}
+     */
+    public boolean compare( CompareOperationContext compareContext ) throws LdapException
     {
-        return normalizedDn.getNormName().equals( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
+        CoreSession session = compareContext.getSession();
+        Dn dn = compareContext.getDn();
+        String oid = compareContext.getOid();
+
+        Entry entry = compareContext.getOriginalEntry();
+
+        LdapPrincipal principal = session.getEffectivePrincipal();
+        Dn principalDn = principal.getDn();
+
+        if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
+        {
+            return next( compareContext );
+        }
+
+        Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
+        Collection<ACITuple> tuples = new HashSet<ACITuple>();
+        addPerscriptiveAciTuples( compareContext, tuples, dn, entry );
+        addEntryAciTuples( tuples, entry );
+        addSubentryAciTuples( compareContext, tuples, dn, entry );
+
+        AciContext aciContext = new AciContext( schemaManager, compareContext );
+        aciContext.setUserGroupNames( userGroups );
+        aciContext.setUserDn( principalDn );
+        aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
+        aciContext.setEntryDn( dn );
+        aciContext.setMicroOperations( READ_PERMS );
+        aciContext.setAciTuples( tuples );
+        aciContext.setEntry( entry );
+
+        engine.checkPermission( aciContext );
+
+        AttributeType attributeType = schemaManager.lookupAttributeTypeRegistry( oid );
+
+        aciContext = new AciContext( schemaManager, compareContext );
+        aciContext.setUserGroupNames( userGroups );
+        aciContext.setUserDn( principalDn );
+        aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
+        aciContext.setEntryDn( dn );
+        aciContext.setAttributeType( attributeType );
+        aciContext.setMicroOperations( COMPARE_PERMS );
+        aciContext.setAciTuples( tuples );
+        aciContext.setEntry( entry );
+
+        engine.checkPermission( aciContext );
+
+        return next( compareContext );
     }
 
 
+    /**
+     * {@inheritDoc}
+     */
     public void delete( DeleteOperationContext deleteContext ) throws LdapException
     {
         CoreSession session = deleteContext.getSession();
@@ -649,8 +702,117 @@ public class AciAuthorizationInterceptor
     }
 
 
-    // False positive, we want to keep the comment
-    @SuppressWarnings("PMD.CollapsibleIfStatements")
+    /**
+     * {@inheritDoc}
+     */
+    public boolean hasEntry( EntryOperationContext hasEntryContext ) throws LdapException
+    {
+        Dn dn = hasEntryContext.getDn();
+
+        if ( !directoryService.isAccessControlEnabled() )
+        {
+            return ( dn.isRootDSE() || next( hasEntryContext ) );
+        }
+
+        boolean answer = next( hasEntryContext );
+
+        // no checks on the RootDSE
+        if ( dn.isRootDSE() )
+        {
+            // No need to go down to the stack, if the dn is empty
+            // It's the rootDSE, and it exists !
+            return answer;
+        }
+
+        CoreSession session = hasEntryContext.getSession();
+
+        // TODO - eventually replace this with a check on session.isAnAdministrator()
+        LdapPrincipal principal = session.getEffectivePrincipal();
+        Dn principalDn = principal.getDn();
+
+        if ( isPrincipalAnAdministrator( principalDn ) )
+        {
+            return answer;
+        }
+
+        LookupOperationContext lookupContext = new LookupOperationContext( session, dn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+        Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
+
+        Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
+        Collection<ACITuple> tuples = new HashSet<ACITuple>();
+        addPerscriptiveAciTuples( hasEntryContext, tuples, dn, entry );
+        addEntryAciTuples( tuples, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
+        addSubentryAciTuples( hasEntryContext, tuples, dn, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
+
+        // check that we have browse access to the entry
+        AciContext aciContext = new AciContext( schemaManager, hasEntryContext );
+        aciContext.setUserGroupNames( userGroups );
+        aciContext.setUserDn( principalDn );
+        aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
+        aciContext.setEntryDn( dn );
+        aciContext.setMicroOperations( BROWSE_PERMS );
+        aciContext.setAciTuples( tuples );
+        aciContext.setEntry( ((ClonedServerEntry)entry).getOriginalEntry() );
+
+        engine.checkPermission( aciContext );
+
+        return next( hasEntryContext );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
+    {
+        LdapPrincipal user = listContext.getSession().getEffectivePrincipal();
+        EntryFilteringCursor cursor = next( listContext );
+
+        if ( isPrincipalAnAdministrator( user.getDn() )
+            || !directoryService.isAccessControlEnabled() )
+        {
+            return cursor;
+        }
+
+        AuthorizationFilter authzFilter = new AuthorizationFilter();
+        cursor.addEntryFilter( authzFilter );
+
+        return cursor;
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
+    {
+        CoreSession session = lookupContext.getSession();
+
+        LdapPrincipal principal = session.getEffectivePrincipal();
+        Dn principalDn = principal.getDn();
+
+        if ( !principalDn.isSchemaAware() )
+        {
+            principalDn.apply( schemaManager );
+        }
+
+        // Bypass this interceptor if we disabled the AC subsystem or if the principal is the admin
+        if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
+        {
+            return next( lookupContext );
+        }
+
+        Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
+
+        checkLookupAccess( lookupContext, entry );
+
+        return entry;
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
     public void modify( ModifyOperationContext modifyContext ) throws LdapException
     {
         Dn dn = modifyContext.getDn();
@@ -815,216 +977,100 @@ public class AciAuthorizationInterceptor
     /**
      * {@inheritDoc}
      */
-    public boolean hasEntry( EntryOperationContext hasEntryContext ) throws LdapException
+    public void move( MoveOperationContext moveContext ) throws LdapException
     {
-        Dn dn = hasEntryContext.getDn();
+        Dn oriChildName = moveContext.getDn();
 
-        if ( !directoryService.isAccessControlEnabled() )
-        {
-            return ( dn.isRootDSE() || next( hasEntryContext ) );
-        }
+        // Access the principal requesting the operation, and bypass checks if it is the admin
+        Entry entry = moveContext.getOriginalEntry();
+        CoreSession session = moveContext.getSession();
 
-        boolean answer = next( hasEntryContext );
+        Dn newDn = moveContext.getNewDn();
 
-        // no checks on the RootDSE
-        if ( dn.isRootDSE() )
+        LdapPrincipal principal = session.getEffectivePrincipal();
+        Dn principalDn = principal.getDn();
+
+        // bypass authz code if we are disabled
+        if ( !directoryService.isAccessControlEnabled() )
         {
-            // No need to go down to the stack, if the dn is empty
-            // It's the rootDSE, and it exists !
-            return answer;
+            next( moveContext );
+            return;
         }
 
-        CoreSession session = hasEntryContext.getSession();
-
-        // TODO - eventually replace this with a check on session.isAnAdministrator()
-        LdapPrincipal principal = session.getEffectivePrincipal();
-        Dn principalDn = principal.getDn();
+        protectCriticalEntries( moveContext, oriChildName );
 
+        // bypass authz code but manage caches if operation is performed by the admin
         if ( isPrincipalAnAdministrator( principalDn ) )
         {
-            return answer;
+            next( moveContext );
+            tupleCache.subentryRenamed( oriChildName, newDn );
+            groupCache.groupRenamed( oriChildName, newDn );
+            return;
         }
 
-        LookupOperationContext lookupContext = new LookupOperationContext( session, dn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
-        Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
-
         Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
         Collection<ACITuple> tuples = new HashSet<ACITuple>();
-        addPerscriptiveAciTuples( hasEntryContext, tuples, dn, entry );
-        addEntryAciTuples( tuples, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
-        addSubentryAciTuples( hasEntryContext, tuples, dn, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
+        addPerscriptiveAciTuples( moveContext, tuples, oriChildName, entry );
+        addEntryAciTuples( tuples, entry );
+        addSubentryAciTuples( moveContext, tuples, oriChildName, entry );
 
-        // check that we have browse access to the entry
-        AciContext aciContext = new AciContext( schemaManager, hasEntryContext );
+        AciContext aciContext = new AciContext( schemaManager, moveContext );
         aciContext.setUserGroupNames( userGroups );
         aciContext.setUserDn( principalDn );
         aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
-        aciContext.setEntryDn( dn );
-        aciContext.setMicroOperations( BROWSE_PERMS );
+        aciContext.setEntryDn( oriChildName );
+        aciContext.setMicroOperations( EXPORT_PERMS );
         aciContext.setAciTuples( tuples );
-        aciContext.setEntry( ((ClonedServerEntry)entry).getOriginalEntry() );
+        aciContext.setEntry( entry );
 
         engine.checkPermission( aciContext );
 
-        return next( hasEntryContext );
-    }
+        // Get the entry again without operational attributes
+        // because access control subentry operational attributes
+        // will not be valid at the new location.
+        // This will certainly be fixed by the SubentryInterceptor,
+        // but after this service.
+        LookupOperationContext lookupContext = new LookupOperationContext( session, oriChildName, SchemaConstants.ALL_USER_ATTRIBUTES_ARRAY );
+        Entry importedEntry = directoryService.getPartitionNexus().lookup( lookupContext );
 
+        // As the target entry does not exist yet and so
+        // its subentry operational attributes are not there,
+        // we need to construct an entry to represent it
+        // at least with minimal requirements which are object class
+        // and access control subentry operational attributes.
+        Entry subentryAttrs = subentryUtils.getSubentryAttributes( newDn, importedEntry );
 
-    /**
-     * Checks if the READ permissions exist to the entry and to each attribute type and
-     * value.
-     *
-     * @todo not sure if we should hide attribute types/values or throw an exception
-     * instead.  I think we're going to have to use a filter to restrict the return
-     * of attribute types and values instead of throwing an exception.  Lack of read
-     * perms to attributes and their values results in their removal when returning
-     * the entry.
-     *
-     * @param principal the user associated with the call
-     * @param dn the name of the entry being looked up
-     * @param entry the raw entry pulled from the nexus
-     * @throws Exception if undlying access to the DIT fails
-     */
-    private void checkLookupAccess( LookupOperationContext lookupContext, Entry entry ) throws LdapException
-    {
-        Dn dn = lookupContext.getDn();
-
-        // no permissions checks on the RootDSE
-        if ( dn.isRootDSE() )
+        for ( Attribute attribute : importedEntry )
         {
-            return;
+            subentryAttrs.put( attribute );
         }
 
-        LdapPrincipal principal = lookupContext.getSession().getEffectivePrincipal();
-        Dn userName = principal.getDn();
-        Set<Dn> userGroups = groupCache.getGroups( userName.getNormName() );
-        Collection<ACITuple> tuples = new HashSet<ACITuple>();
-        addPerscriptiveAciTuples( lookupContext, tuples, dn, entry );
-        addEntryAciTuples( tuples, entry );
-        addSubentryAciTuples( lookupContext, tuples, dn, entry );
+        Collection<ACITuple> destTuples = new HashSet<ACITuple>();
+        // Import permission is only valid for prescriptive ACIs
+        addPerscriptiveAciTuples( moveContext, destTuples, newDn, subentryAttrs );
 
-        // check that we have read access to the entry
-        AciContext aciContext = new AciContext( schemaManager, lookupContext );
+        // Evaluate the target context to see whether it
+        // allows an entry named newName to be imported as a subordinate.
+        aciContext = new AciContext( schemaManager, moveContext );
         aciContext.setUserGroupNames( userGroups );
-        aciContext.setUserDn( userName );
+        aciContext.setUserDn( principalDn );
         aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
-        aciContext.setEntryDn( dn );
-        aciContext.setMicroOperations( LOOKUP_PERMS );
-        aciContext.setAciTuples( tuples );
-        aciContext.setEntry( entry );
+        aciContext.setEntryDn( newDn );
+        aciContext.setMicroOperations( IMPORT_PERMS );
+        aciContext.setAciTuples( destTuples );
+        aciContext.setEntry( subentryAttrs );
 
         engine.checkPermission( aciContext );
 
-        // check that we have read access to every attribute type and value
-        for ( Attribute attribute : entry )
-        {
-
-            for ( Value<?> value : attribute )
-            {
-                AciContext valueAciContext = new AciContext( schemaManager, lookupContext );
-                valueAciContext.setUserGroupNames( userGroups );
-                valueAciContext.setUserDn( userName );
-                valueAciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
-                valueAciContext.setEntryDn( dn );
-                valueAciContext.setAttributeType( attribute.getAttributeType() );
-                valueAciContext.setAttrValue( value );
-                valueAciContext.setMicroOperations( READ_PERMS );
-                valueAciContext.setAciTuples( tuples );
-                valueAciContext.setEntry( entry );
-
-                engine.checkPermission( valueAciContext );
-            }
-        }
+        next( moveContext );
+        tupleCache.subentryRenamed( oriChildName, newDn );
+        groupCache.groupRenamed( oriChildName, newDn );
     }
 
 
     /**
      * {@inheritDoc}
      */
-    public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
-    {
-        CoreSession session = lookupContext.getSession();
-
-        LdapPrincipal principal = session.getEffectivePrincipal();
-        Dn principalDn = principal.getDn();
-
-        if ( !principalDn.isSchemaAware() )
-        {
-            principalDn.apply( schemaManager );
-        }
-
-        // Bypass this interceptor if we disabled the AC subsystem or if the principal is the admin
-        if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
-        {
-            return next( lookupContext );
-        }
-
-        Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
-
-        checkLookupAccess( lookupContext, entry );
-
-        return entry;
-    }
-
-
-    public void rename( RenameOperationContext renameContext ) throws LdapException
-    {
-        Dn oldName = renameContext.getDn();
-        Entry originalEntry = null;
-
-        if ( renameContext.getEntry() != null )
-        {
-            originalEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
-        }
-
-        LdapPrincipal principal = renameContext.getSession().getEffectivePrincipal();
-        Dn principalDn = principal.getDn();
-        Dn newName = renameContext.getNewDn();
-
-        // bypass authz code if we are disabled
-        if ( !directoryService.isAccessControlEnabled() )
-        {
-            next( renameContext );
-            return;
-        }
-
-        protectCriticalEntries( renameContext, oldName );
-
-        // bypass authz code but manage caches if operation is performed by the admin
-        if ( isPrincipalAnAdministrator( principalDn ) )
-        {
-            next( renameContext );
-            tupleCache.subentryRenamed( oldName, newName );
-
-            // TODO : this method returns a boolean : what should we do with the result ?
-            groupCache.groupRenamed( oldName, newName );
-
-            return;
-        }
-
-        Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
-        Collection<ACITuple> tuples = new HashSet<ACITuple>();
-        addPerscriptiveAciTuples( renameContext, tuples, oldName, originalEntry );
-        addEntryAciTuples( tuples, originalEntry );
-        addSubentryAciTuples( renameContext, tuples, oldName, originalEntry );
-
-        AciContext aciContext = new AciContext( schemaManager, renameContext );
-        aciContext.setUserGroupNames( userGroups );
-        aciContext.setUserDn( principalDn );
-        aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
-        aciContext.setEntryDn( oldName );
-        aciContext.setMicroOperations( RENAME_PERMS );
-        aciContext.setAciTuples( tuples );
-        aciContext.setEntry( originalEntry );
-
-        engine.checkPermission( aciContext );
-
-        next( renameContext );
-        tupleCache.subentryRenamed( oldName, newName );
-        groupCache.groupRenamed( oldName, newName );
-    }
-
-
     public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
     {
         Dn oldDn = moveAndRenameContext.getDn();
@@ -1120,118 +1166,67 @@ public class AciAuthorizationInterceptor
     /**
      * {@inheritDoc}
      */
-    public void move( MoveOperationContext moveContext ) throws LdapException
+    public void rename( RenameOperationContext renameContext ) throws LdapException
     {
-        Dn oriChildName = moveContext.getDn();
-
-        // Access the principal requesting the operation, and bypass checks if it is the admin
-        Entry entry = moveContext.getOriginalEntry();
-        CoreSession session = moveContext.getSession();
+        Dn oldName = renameContext.getDn();
+        Entry originalEntry = null;
 
-        Dn newDn = moveContext.getNewDn();
+        if ( renameContext.getEntry() != null )
+        {
+            originalEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
+        }
 
-        LdapPrincipal principal = session.getEffectivePrincipal();
+        LdapPrincipal principal = renameContext.getSession().getEffectivePrincipal();
         Dn principalDn = principal.getDn();
+        Dn newName = renameContext.getNewDn();
 
         // bypass authz code if we are disabled
         if ( !directoryService.isAccessControlEnabled() )
         {
-            next( moveContext );
+            next( renameContext );
             return;
         }
 
-        protectCriticalEntries( moveContext, oriChildName );
+        protectCriticalEntries( renameContext, oldName );
 
         // bypass authz code but manage caches if operation is performed by the admin
         if ( isPrincipalAnAdministrator( principalDn ) )
         {
-            next( moveContext );
-            tupleCache.subentryRenamed( oriChildName, newDn );
-            groupCache.groupRenamed( oriChildName, newDn );
+            next( renameContext );
+            tupleCache.subentryRenamed( oldName, newName );
+
+            // TODO : this method returns a boolean : what should we do with the result ?
+            groupCache.groupRenamed( oldName, newName );
+
             return;
         }
 
         Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
         Collection<ACITuple> tuples = new HashSet<ACITuple>();
-        addPerscriptiveAciTuples( moveContext, tuples, oriChildName, entry );
-        addEntryAciTuples( tuples, entry );
-        addSubentryAciTuples( moveContext, tuples, oriChildName, entry );
+        addPerscriptiveAciTuples( renameContext, tuples, oldName, originalEntry );
+        addEntryAciTuples( tuples, originalEntry );
+        addSubentryAciTuples( renameContext, tuples, oldName, originalEntry );
 
-        AciContext aciContext = new AciContext( schemaManager, moveContext );
+        AciContext aciContext = new AciContext( schemaManager, renameContext );
         aciContext.setUserGroupNames( userGroups );
         aciContext.setUserDn( principalDn );
         aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
-        aciContext.setEntryDn( oriChildName );
-        aciContext.setMicroOperations( EXPORT_PERMS );
+        aciContext.setEntryDn( oldName );
+        aciContext.setMicroOperations( RENAME_PERMS );
         aciContext.setAciTuples( tuples );
-        aciContext.setEntry( entry );
-
-        engine.checkPermission( aciContext );
-
-        // Get the entry again without operational attributes
-        // because access control subentry operational attributes
-        // will not be valid at the new location.
-        // This will certainly be fixed by the SubentryInterceptor,
-        // but after this service.
-        LookupOperationContext lookupContext = new LookupOperationContext( session, oriChildName, SchemaConstants.ALL_USER_ATTRIBUTES_ARRAY );
-        Entry importedEntry = directoryService.getPartitionNexus().lookup( lookupContext );
-
-        // As the target entry does not exist yet and so
-        // its subentry operational attributes are not there,
-        // we need to construct an entry to represent it
-        // at least with minimal requirements which are object class
-        // and access control subentry operational attributes.
-        Entry subentryAttrs = subentryUtils.getSubentryAttributes( newDn, importedEntry );
-
-        for ( Attribute attribute : importedEntry )
-        {
-            subentryAttrs.put( attribute );
-        }
-
-        Collection<ACITuple> destTuples = new HashSet<ACITuple>();
-        // Import permission is only valid for prescriptive ACIs
-        addPerscriptiveAciTuples( moveContext, destTuples, newDn, subentryAttrs );
-
-        // Evaluate the target context to see whether it
-        // allows an entry named newName to be imported as a subordinate.
-        aciContext = new AciContext( schemaManager, moveContext );
-        aciContext.setUserGroupNames( userGroups );
-        aciContext.setUserDn( principalDn );
-        aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
-        aciContext.setEntryDn( newDn );
-        aciContext.setMicroOperations( IMPORT_PERMS );
-        aciContext.setAciTuples( destTuples );
-        aciContext.setEntry( subentryAttrs );
+        aciContext.setEntry( originalEntry );
 
         engine.checkPermission( aciContext );
 
-        next( moveContext );
-        tupleCache.subentryRenamed( oriChildName, newDn );
-        groupCache.groupRenamed( oriChildName, newDn );
+        next( renameContext );
+        tupleCache.subentryRenamed( oldName, newName );
+        groupCache.groupRenamed( oldName, newName );
     }
 
 
     /**
      * {@inheritDoc}
      */
-    public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
-    {
-        LdapPrincipal user = listContext.getSession().getEffectivePrincipal();
-        EntryFilteringCursor cursor = next( listContext );
-
-        if ( isPrincipalAnAdministrator( user.getDn() )
-            || !directoryService.isAccessControlEnabled() )
-        {
-            return cursor;
-        }
-
-        AuthorizationFilter authzFilter = new AuthorizationFilter();
-        cursor.addEntryFilter( authzFilter );
-
-        return cursor;
-    }
-
-
     public EntryFilteringCursor search( SearchOperationContext searchContext ) throws LdapException
     {
         LdapPrincipal user = searchContext.getSession().getEffectivePrincipal();
@@ -1255,63 +1250,77 @@ public class AciAuthorizationInterceptor
     }
 
 
-    public final boolean isPrincipalAnAdministrator( Dn principalDn )
-    {
-        return groupCache.isPrincipalAnAdministrator( principalDn );
-    }
-
-
     /**
-     * {@inheritDoc}
+     * Checks if the READ permissions exist to the entry and to each attribute type and
+     * value.
+     *
+     * @todo not sure if we should hide attribute types/values or throw an exception
+     * instead.  I think we're going to have to use a filter to restrict the return
+     * of attribute types and values instead of throwing an exception.  Lack of read
+     * perms to attributes and their values results in their removal when returning
+     * the entry.
+     *
+     * @param principal the user associated with the call
+     * @param dn the name of the entry being looked up
+     * @param entry the raw entry pulled from the nexus
+     * @throws Exception if undlying access to the DIT fails
      */
-    public boolean compare( CompareOperationContext compareContext ) throws LdapException
+    private void checkLookupAccess( LookupOperationContext lookupContext, Entry entry ) throws LdapException
     {
-        CoreSession session = compareContext.getSession();
-        Dn dn = compareContext.getDn();
-        String oid = compareContext.getOid();
-
-        Entry entry = compareContext.getOriginalEntry();
-
-        LdapPrincipal principal = session.getEffectivePrincipal();
-        Dn principalDn = principal.getDn();
+        Dn dn = lookupContext.getDn();
 
-        if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
+        // no permissions checks on the RootDSE
+        if ( dn.isRootDSE() )
         {
-            return next( compareContext );
+            return;
         }
 
-        Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
+        LdapPrincipal principal = lookupContext.getSession().getEffectivePrincipal();
+        Dn userName = principal.getDn();
+        Set<Dn> userGroups = groupCache.getGroups( userName.getNormName() );
         Collection<ACITuple> tuples = new HashSet<ACITuple>();
-        addPerscriptiveAciTuples( compareContext, tuples, dn, entry );
+        addPerscriptiveAciTuples( lookupContext, tuples, dn, entry );
         addEntryAciTuples( tuples, entry );
-        addSubentryAciTuples( compareContext, tuples, dn, entry );
+        addSubentryAciTuples( lookupContext, tuples, dn, entry );
 
-        AciContext aciContext = new AciContext( schemaManager, compareContext );
+        // check that we have read access to the entry
+        AciContext aciContext = new AciContext( schemaManager, lookupContext );
         aciContext.setUserGroupNames( userGroups );
-        aciContext.setUserDn( principalDn );
+        aciContext.setUserDn( userName );
         aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
         aciContext.setEntryDn( dn );
-        aciContext.setMicroOperations( READ_PERMS );
+        aciContext.setMicroOperations( LOOKUP_PERMS );
         aciContext.setAciTuples( tuples );
         aciContext.setEntry( entry );
 
         engine.checkPermission( aciContext );
 
-        AttributeType attributeType = schemaManager.lookupAttributeTypeRegistry( oid );
+        // check that we have read access to every attribute type and value
+        for ( Attribute attribute : entry )
+        {
 
-        aciContext = new AciContext( schemaManager, compareContext );
-        aciContext.setUserGroupNames( userGroups );
-        aciContext.setUserDn( principalDn );
-        aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
-        aciContext.setEntryDn( dn );
-        aciContext.setAttributeType( attributeType );
-        aciContext.setMicroOperations( COMPARE_PERMS );
-        aciContext.setAciTuples( tuples );
-        aciContext.setEntry( entry );
+            for ( Value<?> value : attribute )
+            {
+                AciContext valueAciContext = new AciContext( schemaManager, lookupContext );
+                valueAciContext.setUserGroupNames( userGroups );
+                valueAciContext.setUserDn( userName );
+                valueAciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
+                valueAciContext.setEntryDn( dn );
+                valueAciContext.setAttributeType( attribute.getAttributeType() );
+                valueAciContext.setAttrValue( value );
+                valueAciContext.setMicroOperations( READ_PERMS );
+                valueAciContext.setAciTuples( tuples );
+                valueAciContext.setEntry( entry );
 
-        engine.checkPermission( aciContext );
+                engine.checkPermission( valueAciContext );
+            }
+        }
+    }
 
-        return next( compareContext );
+
+    public final boolean isPrincipalAnAdministrator( Dn principalDn )
+    {
+        return groupCache.isPrincipalAnAdministrator( principalDn );
     }
 
 
@@ -1437,4 +1446,10 @@ public class AciAuthorizationInterceptor
             return filter( searchContext, normName, entry );
         }
     }
+
+
+    private boolean isTheAdministrator( Dn normalizedDn )
+    {
+        return normalizedDn.getNormName().equals( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
+    }
 }

Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java Fri Nov 11 13:15:39 2011
@@ -150,7 +150,9 @@ public class DefaultAuthorizationInterce
     // Note:
     //    Lookup, search and list operations need to be handled using a filter
     // and so we need access to the filter service.
-
+    /**
+     * {@inheritDoc}
+     */
     public void delete( DeleteOperationContext deleteContext ) throws LdapException
     {
         if ( deleteContext.getSession().getDirectoryService().isAccessControlEnabled() )
@@ -205,28 +207,55 @@ public class DefaultAuthorizationInterce
     }
 
 
-    private boolean isTheAdministrator( Dn dn )
+    /**
+     * {@inheritDoc}
+     */
+    public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
     {
-        return dn.equals( ADMIN_SYSTEM_DN );
+        EntryFilteringCursor cursor = next( listContext );
+
+        if ( listContext.getSession().getDirectoryService().isAccessControlEnabled() )
+        {
+            return cursor;
+        }
+
+        cursor.addEntryFilter( new DefaultAuthorizationSearchFilter() );
+
+        return cursor;
     }
 
 
-    private boolean isAnAdministrator( Dn dn )
+    /**
+     * {@inheritDoc}
+     */
+    public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
     {
-        return isTheAdministrator( dn ) || administrators.contains( dn.getNormName() );
+        CoreSession session = lookupContext.getSession();
+        Entry entry = next( lookupContext );
+
+        if ( session.getDirectoryService().isAccessControlEnabled() )
+        {
+            return entry;
+        }
+
+        protectLookUp( session.getEffectivePrincipal().getDn(), lookupContext.getDn() );
+
+        return entry;
     }
 
 
     // ------------------------------------------------------------------------
     // Entry Modification Operations
     // ------------------------------------------------------------------------
-
     /**
      * This policy needs to be really tight too because some attributes may take
      * part in giving the user permissions to protected resources.  We do not want
      * users to self access these resources.  As far as we're concerned no one but
      * the admin needs access.
      */
+    /**
+     * {@inheritDoc}
+     */
     public void modify( ModifyOperationContext modifyContext ) throws LdapException
     {
         if ( !modifyContext.getSession().getDirectoryService().isAccessControlEnabled() )
@@ -249,49 +278,31 @@ public class DefaultAuthorizationInterce
     }
 
 
-    private void protectModifyAlterations( OperationContext opCtx, Dn dn ) throws LdapException
+    /**
+     * {@inheritDoc}
+     */
+    public void move( MoveOperationContext moveContext ) throws LdapException
     {
-        Dn principalDn = getPrincipal( opCtx ).getDn();
-
-        if ( dn.isEmpty() )
+        if ( !moveContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
-            String msg = I18n.err( I18n.ERR_17 );
-            LOG.error( msg );
-            throw new LdapNoPermissionException( msg );
+            protectDnAlterations( moveContext, moveContext.getDn() );
         }
 
-        if ( !isAnAdministrator( principalDn ) )
-        {
-            // allow self modifications
-            if ( dn.equals( getPrincipal( opCtx ) ) )
-            {
-                return;
-            }
-
-            if ( dn.equals( ADMIN_SYSTEM_DN ) )
-            {
-                String msg = I18n.err( I18n.ERR_18, principalDn.getName() );
-                LOG.error( msg );
-                throw new LdapNoPermissionException( msg );
-            }
+        next( moveContext );
+    }
 
-            if ( dn.size() > 2 )
-            {
-                if ( dn.isDescendantOf( ADMIN_SYSTEM_DN ) )
-                {
-                    String msg = I18n.err( I18n.ERR_19, principalDn.getName(), dn.getName() );
-                    LOG.error( msg );
-                    throw new LdapNoPermissionException( msg );
-                }
 
-                if ( dn.isDescendantOf( GROUP_BASE_DN ) )
-                {
-                    String msg = I18n.err( I18n.ERR_20, principalDn.getName(), dn.getName() );
-                    LOG.error( msg );
-                    throw new LdapNoPermissionException( msg );
-                }
-            }
+    /**
+     * {@inheritDoc}
+     */
+    public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
+    {
+        if ( !moveAndRenameContext.getSession().getDirectoryService().isAccessControlEnabled() )
+        {
+            protectDnAlterations( moveAndRenameContext, moveAndRenameContext.getDn() );
         }
+
+        next( moveAndRenameContext );
     }
 
 
@@ -303,7 +314,9 @@ public class DefaultAuthorizationInterce
     //  o Only the administrator can move or rename non-admin user entries
     //  o The administrator entry cannot be moved or renamed by anyone
     // ------------------------------------------------------------------------
-
+    /**
+     * {@inheritDoc}
+     */
     public void rename( RenameOperationContext renameContext ) throws LdapException
     {
         if ( !renameContext.getSession().getDirectoryService().isAccessControlEnabled() )
@@ -318,25 +331,76 @@ public class DefaultAuthorizationInterce
     /**
      * {@inheritDoc}
      */
-    public void move( MoveOperationContext moveContext ) throws LdapException
+    public EntryFilteringCursor search( SearchOperationContext searchContext ) throws LdapException
     {
-        if ( !moveContext.getSession().getDirectoryService().isAccessControlEnabled() )
+        EntryFilteringCursor cursor = next( searchContext );
+
+        if ( searchContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
-            protectDnAlterations( moveContext, moveContext.getDn() );
+            return cursor;
         }
 
-        next( moveContext );
+        cursor.addEntryFilter( new DefaultAuthorizationSearchFilter() );
+
+        return cursor;
     }
 
 
-    public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
+    private boolean isTheAdministrator( Dn dn )
     {
-        if ( !moveAndRenameContext.getSession().getDirectoryService().isAccessControlEnabled() )
+        return dn.equals( ADMIN_SYSTEM_DN );
+    }
+
+
+    private boolean isAnAdministrator( Dn dn )
+    {
+        return isTheAdministrator( dn ) || administrators.contains( dn.getNormName() );
+    }
+
+
+    private void protectModifyAlterations( OperationContext opCtx, Dn dn ) throws LdapException
+    {
+        Dn principalDn = getPrincipal( opCtx ).getDn();
+
+        if ( dn.isEmpty() )
         {
-            protectDnAlterations( moveAndRenameContext, moveAndRenameContext.getDn() );
+            String msg = I18n.err( I18n.ERR_17 );
+            LOG.error( msg );
+            throw new LdapNoPermissionException( msg );
         }
 
-        next( moveAndRenameContext );
+        if ( !isAnAdministrator( principalDn ) )
+        {
+            // allow self modifications
+            if ( dn.equals( getPrincipal( opCtx ) ) )
+            {
+                return;
+            }
+
+            if ( dn.equals( ADMIN_SYSTEM_DN ) )
+            {
+                String msg = I18n.err( I18n.ERR_18, principalDn.getName() );
+                LOG.error( msg );
+                throw new LdapNoPermissionException( msg );
+            }
+
+            if ( dn.size() > 2 )
+            {
+                if ( dn.isDescendantOf( ADMIN_SYSTEM_DN ) )
+                {
+                    String msg = I18n.err( I18n.ERR_19, principalDn.getName(), dn.getName() );
+                    LOG.error( msg );
+                    throw new LdapNoPermissionException( msg );
+                }
+
+                if ( dn.isDescendantOf( GROUP_BASE_DN ) )
+                {
+                    String msg = I18n.err( I18n.ERR_20, principalDn.getName(), dn.getName() );
+                    LOG.error( msg );
+                    throw new LdapNoPermissionException( msg );
+                }
+            }
+        }
     }
 
 
@@ -381,22 +445,6 @@ public class DefaultAuthorizationInterce
     }
 
 
-    public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
-    {
-        CoreSession session = lookupContext.getSession();
-        Entry entry = next( lookupContext );
-
-        if ( session.getDirectoryService().isAccessControlEnabled() )
-        {
-            return entry;
-        }
-
-        protectLookUp( session.getEffectivePrincipal().getDn(), lookupContext.getDn() );
-
-        return entry;
-    }
-
-
     private void protectLookUp( Dn principalDn, Dn normalizedDn ) throws LdapException
     {
         if ( !isAnAdministrator( principalDn ) )
@@ -446,39 +494,6 @@ public class DefaultAuthorizationInterce
     }
 
 
-    public EntryFilteringCursor search( SearchOperationContext searchContext ) throws LdapException
-    {
-        EntryFilteringCursor cursor = next( searchContext );
-
-        if ( searchContext.getSession().getDirectoryService().isAccessControlEnabled() )
-        {
-            return cursor;
-        }
-
-        cursor.addEntryFilter( new DefaultAuthorizationSearchFilter() );
-
-        return cursor;
-    }
-
-
-    /**
-     * {@inheritDoc}
-     */
-    public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
-    {
-        EntryFilteringCursor cursor = next( listContext );
-
-        if ( listContext.getSession().getDirectoryService().isAccessControlEnabled() )
-        {
-            return cursor;
-        }
-
-        cursor.addEntryFilter( new DefaultAuthorizationSearchFilter() );
-
-        return cursor;
-    }
-
-
     // False positive, we want to keep the comment
     @SuppressWarnings("PMD.CollapsibleIfStatements")
     private boolean isSearchable( OperationContext opContext, Entry entry ) throws Exception

Modified: directory/apacheds/trunk/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java Fri Nov 11 13:15:39 2011
@@ -96,6 +96,9 @@ public class ChangeLogInterceptor extend
     // -----------------------------------------------------------------------
     // Overridden (only change inducing) intercepted methods
     // -----------------------------------------------------------------------
+    /**
+     * {@inheritDoc}
+     */
     public void add( AddOperationContext addContext ) throws LdapException
     {
         next( addContext );
@@ -132,6 +135,9 @@ public class ChangeLogInterceptor extend
      * The delete operation has to be stored with a way to restore the deleted element.
      * There is no way to do that but reading the entry and dump it into the LOG.
      */
+    /**
+     * {@inheritDoc}
+     */
     public void delete( DeleteOperationContext deleteContext ) throws LdapException
     {
         // @todo make sure we're not putting in operational attributes that cannot be user modified
@@ -181,36 +187,7 @@ public class ChangeLogInterceptor extend
 
 
     /**
-     * Gets attributes required for modifications.
-     *
-     * @param dn the dn of the entry to get
-     * @return the entry's attributes (may be immutable if the schema subentry)
-     * @throws Exception on error accessing the entry's attributes
-     */
-    private Entry getAttributes( OperationContext opContext ) throws LdapException
-    {
-        Dn dn = opContext.getDn();
-        Entry serverEntry;
-
-        // @todo make sure we're not putting in operational attributes that cannot be user modified
-        if ( dn.equals( ServerDNConstants.CN_SCHEMA_DN ) )
-        {
-            return SchemaService.getSubschemaEntryCloned( directoryService );
-        }
-        else
-        {
-            CoreSession session = opContext.getSession();
-            LookupOperationContext lookupContext = new LookupOperationContext( session, dn );
-            lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
-            serverEntry = directoryService.getPartitionNexus().lookup( lookupContext  );
-        }
-
-        return serverEntry;
-    }
-
-
-    /**
-     * 
+     * {@inheritDoc}
      */
     public void modify( ModifyOperationContext modifyContext ) throws LdapException
     {
@@ -285,24 +262,12 @@ public class ChangeLogInterceptor extend
     }
 
 
-    // -----------------------------------------------------------------------
-    // Though part left as an exercise (Not Any More!)
-    // -----------------------------------------------------------------------
-
-
-    public void rename ( RenameOperationContext renameContext ) throws LdapException
+    /**
+     * {@inheritDoc}
+     */
+    public void move( MoveOperationContext moveContext ) throws LdapException
     {
-        Entry serverEntry = null;
-
-        if ( renameContext.getEntry() != null )
-        {
-            serverEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
-        }
-
-        next( renameContext );
-
-        // After this point, the entry has been modified. The cloned entry contains
-        // the modified entry, the originalEntry has changed
+        next( moveContext );
 
         if ( !changeLog.isEnabled() )
         {
@@ -310,18 +275,18 @@ public class ChangeLogInterceptor extend
         }
 
         LdifEntry forward = new LdifEntry();
-        forward.setChangeType( ChangeType.ModRdn );
-        forward.setDn( renameContext.getDn() );
-        forward.setNewRdn( renameContext.getNewRdn().getName() );
-        forward.setDeleteOldRdn( renameContext.getDeleteOldRdn() );
-
-        List<LdifEntry> reverses = LdifRevertor.reverseRename(
-            serverEntry, renameContext.getNewRdn(), renameContext.getDeleteOldRdn() );
+        forward.setChangeType( ChangeType.ModDn );
+        forward.setDn( moveContext.getDn() );
+        forward.setNewSuperior( moveContext.getNewSuperior().getName() );
 
-        renameContext.setChangeLogEvent( changeLog.log( getPrincipal( renameContext ), forward, reverses ) );
+        LdifEntry reverse = LdifRevertor.reverseMove(moveContext.getNewSuperior(), moveContext.getDn());
+        moveContext.setChangeLogEvent( changeLog.log( getPrincipal( moveContext ), forward, reverse ) );
     }
 
 
+    /**
+     * {@inheritDoc}
+     */
     public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
     {
         Entry serverEntry = null;
@@ -363,9 +328,19 @@ public class ChangeLogInterceptor extend
     /**
      * {@inheritDoc}
      */
-    public void move( MoveOperationContext moveContext ) throws LdapException
+    public void rename( RenameOperationContext renameContext ) throws LdapException
     {
-        next( moveContext );
+        Entry serverEntry = null;
+
+        if ( renameContext.getEntry() != null )
+        {
+            serverEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
+        }
+
+        next( renameContext );
+
+        // After this point, the entry has been modified. The cloned entry contains
+        // the modified entry, the originalEntry has changed
 
         if ( !changeLog.isEnabled() )
         {
@@ -373,11 +348,43 @@ public class ChangeLogInterceptor extend
         }
 
         LdifEntry forward = new LdifEntry();
-        forward.setChangeType( ChangeType.ModDn );
-        forward.setDn( moveContext.getDn() );
-        forward.setNewSuperior( moveContext.getNewSuperior().getName() );
+        forward.setChangeType( ChangeType.ModRdn );
+        forward.setDn( renameContext.getDn() );
+        forward.setNewRdn( renameContext.getNewRdn().getName() );
+        forward.setDeleteOldRdn( renameContext.getDeleteOldRdn() );
 
-        LdifEntry reverse = LdifRevertor.reverseMove(moveContext.getNewSuperior(), moveContext.getDn());
-        moveContext.setChangeLogEvent( changeLog.log( getPrincipal( moveContext ), forward, reverse ) );
+        List<LdifEntry> reverses = LdifRevertor.reverseRename(
+            serverEntry, renameContext.getNewRdn(), renameContext.getDeleteOldRdn() );
+
+        renameContext.setChangeLogEvent( changeLog.log( getPrincipal( renameContext ), forward, reverses ) );
+    }
+
+
+    /**
+     * Gets attributes required for modifications.
+     *
+     * @param dn the dn of the entry to get
+     * @return the entry's attributes (may be immutable if the schema subentry)
+     * @throws Exception on error accessing the entry's attributes
+     */
+    private Entry getAttributes( OperationContext opContext ) throws LdapException
+    {
+        Dn dn = opContext.getDn();
+        Entry serverEntry;
+
+        // @todo make sure we're not putting in operational attributes that cannot be user modified
+        if ( dn.equals( ServerDNConstants.CN_SCHEMA_DN ) )
+        {
+            return SchemaService.getSubschemaEntryCloned( directoryService );
+        }
+        else
+        {
+            CoreSession session = opContext.getSession();
+            LookupOperationContext lookupContext = new LookupOperationContext( session, dn );
+            lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+            serverEntry = directoryService.getPartitionNexus().lookup( lookupContext  );
+        }
+
+        return serverEntry;
     }
 }

Modified: directory/apacheds/trunk/interceptors/event/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/event/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/event/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/event/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java Fri Nov 11 13:15:39 2011
@@ -238,31 +238,23 @@ public class EventInterceptor extends Ba
     /**
      * {@inheritDoc}
      */
-    public void rename( RenameOperationContext renameContext ) throws LdapException
+    public void move( MoveOperationContext moveContext ) throws LdapException
     {
-        Entry oriEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
-        List<RegistrationEntry> selecting = getSelectingRegistrations( renameContext.getDn(), oriEntry );
+        Entry oriEntry = moveContext.getOriginalEntry();
+        List<RegistrationEntry> selecting = getSelectingRegistrations( moveContext.getDn(), oriEntry );
 
-        next( renameContext );
+        next( moveContext );
 
         if ( selecting.isEmpty() )
         {
             return;
         }
 
-        // Get the modifed entry
-        CoreSession session = renameContext.getSession();
-        LookupOperationContext lookupContext = new LookupOperationContext( session, renameContext.getNewDn() );
-        lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
-
-        Entry alteredEntry = directoryService.getPartitionNexus().lookup( lookupContext );
-        renameContext.setModifiedEntry( alteredEntry );
-
         for ( final RegistrationEntry registration : selecting )
         {
-            if ( EventType.isRename( registration.getCriteria().getEventMask() ) )
+            if ( EventType.isMove( registration.getCriteria().getEventMask() ) )
             {
-                fire( renameContext, EventType.RENAME, registration.getListener() );
+                fire( moveContext, EventType.MOVE, registration.getListener() );
             }
         }
     }
@@ -301,23 +293,31 @@ public class EventInterceptor extends Ba
     /**
      * {@inheritDoc}
      */
-    public void move( MoveOperationContext moveContext ) throws LdapException
+    public void rename( RenameOperationContext renameContext ) throws LdapException
     {
-        Entry oriEntry = moveContext.getOriginalEntry();
-        List<RegistrationEntry> selecting = getSelectingRegistrations( moveContext.getDn(), oriEntry );
+        Entry oriEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
+        List<RegistrationEntry> selecting = getSelectingRegistrations( renameContext.getDn(), oriEntry );
 
-        next( moveContext );
+        next( renameContext );
 
         if ( selecting.isEmpty() )
         {
             return;
         }
 
+        // Get the modifed entry
+        CoreSession session = renameContext.getSession();
+        LookupOperationContext lookupContext = new LookupOperationContext( session, renameContext.getNewDn() );
+        lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+
+        Entry alteredEntry = directoryService.getPartitionNexus().lookup( lookupContext );
+        renameContext.setModifiedEntry( alteredEntry );
+
         for ( final RegistrationEntry registration : selecting )
         {
-            if ( EventType.isMove( registration.getCriteria().getEventMask() ) )
+            if ( EventType.isRename( registration.getCriteria().getEventMask() ) )
             {
-                fire( moveContext, EventType.MOVE, registration.getListener() );
+                fire( renameContext, EventType.RENAME, registration.getListener() );
             }
         }
     }

Modified: directory/apacheds/trunk/interceptors/exception/src/main/java/org/apache/directory/server/core/exception/ExceptionInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/exception/src/main/java/org/apache/directory/server/core/exception/ExceptionInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/exception/src/main/java/org/apache/directory/server/core/exception/ExceptionInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/exception/src/main/java/org/apache/directory/server/core/exception/ExceptionInterceptor.java Fri Nov 11 13:15:39 2011
@@ -236,7 +236,7 @@ public class ExceptionInterceptor extend
 
 
     /**
-     * Checks to see the base being searched exists, otherwise throws the appropriate LdapException.
+     * {@inheritDoc}
      */
     public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
     {
@@ -257,7 +257,7 @@ public class ExceptionInterceptor extend
 
 
     /**
-     * Checks to see the entry being modified exists, otherwise throws the appropriate LdapException.
+     * {@inheritDoc}
      */
     public void modify( ModifyOperationContext modifyContext ) throws LdapException
     {
@@ -294,93 +294,92 @@ public class ExceptionInterceptor extend
 
 
     /**
-     * Checks to see the entry being renamed exists, otherwise throws the appropriate LdapException.
+     * {@inheritDoc}
      */
-    public void rename( RenameOperationContext renameContext ) throws LdapException
+    public void move( MoveOperationContext moveContext ) throws LdapException
     {
-        Dn dn = renameContext.getDn();
+        Dn oriChildName = moveContext.getDn();
 
-        if ( dn.equals( subschemSubentryDn ) )
+        if ( oriChildName.equals( subschemSubentryDn ) )
         {
-            throw new LdapUnwillingToPerformException( ResultCodeEnum.UNWILLING_TO_PERFORM, I18n.err( I18n.ERR_255,
+            throw new LdapUnwillingToPerformException( ResultCodeEnum.UNWILLING_TO_PERFORM, I18n.err( I18n.ERR_258,
                 subschemSubentryDn, subschemSubentryDn ) );
         }
 
-        // check to see if target entry exists
-        Dn newDn = renameContext.getNewDn();
-
-        if ( nexus.hasEntry( new EntryOperationContext( renameContext.getSession(), newDn ) ) )
-        {
-            LdapEntryAlreadyExistsException e;
-            e = new LdapEntryAlreadyExistsException( I18n.err( I18n.ERR_250_ENTRY_ALREADY_EXISTS, newDn.getName() ) );
-            //e.setResolvedName( DNFactory.create( newDn.getName() ) );
-            throw e;
-        }
+        next( moveContext );
 
-        // Remove the previous entry from the notAnAlias cache
+        // Remove the original entry from the NotAlias cache, if needed
         synchronized ( notAliasCache )
         {
-            if ( notAliasCache.containsKey( dn.getNormName() ) )
+            if ( notAliasCache.containsKey( oriChildName.getNormName() ) )
             {
-                notAliasCache.remove( dn.getNormName() );
+                notAliasCache.remove( oriChildName.getNormName() );
             }
         }
-
-        next( renameContext );
     }
 
 
     /**
      * {@inheritDoc}
      */
-    public void move( MoveOperationContext moveContext ) throws LdapException
+    public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
     {
-        Dn oriChildName = moveContext.getDn();
+        Dn oldDn = moveAndRenameContext.getDn();
 
-        if ( oriChildName.equals( subschemSubentryDn ) )
+        // Don't allow M&R in the SSSE
+        if ( oldDn.equals( subschemSubentryDn ) )
         {
             throw new LdapUnwillingToPerformException( ResultCodeEnum.UNWILLING_TO_PERFORM, I18n.err( I18n.ERR_258,
                 subschemSubentryDn, subschemSubentryDn ) );
         }
 
-        next( moveContext );
-
         // Remove the original entry from the NotAlias cache, if needed
         synchronized ( notAliasCache )
         {
-            if ( notAliasCache.containsKey( oriChildName.getNormName() ) )
+            if ( notAliasCache.containsKey( oldDn.getNormName() ) )
             {
-                notAliasCache.remove( oriChildName.getNormName() );
+                notAliasCache.remove( oldDn.getNormName() );
             }
         }
+
+        next( moveAndRenameContext );
     }
 
 
     /**
-     * Checks to see the entry being moved exists, and so does its parent, otherwise throws the appropriate
-     * LdapException.
+     * {@inheritDoc}
      */
-    public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
+    public void rename( RenameOperationContext renameContext ) throws LdapException
     {
-        Dn oldDn = moveAndRenameContext.getDn();
+        Dn dn = renameContext.getDn();
 
-        // Don't allow M&R in the SSSE
-        if ( oldDn.equals( subschemSubentryDn ) )
+        if ( dn.equals( subschemSubentryDn ) )
         {
-            throw new LdapUnwillingToPerformException( ResultCodeEnum.UNWILLING_TO_PERFORM, I18n.err( I18n.ERR_258,
+            throw new LdapUnwillingToPerformException( ResultCodeEnum.UNWILLING_TO_PERFORM, I18n.err( I18n.ERR_255,
                 subschemSubentryDn, subschemSubentryDn ) );
         }
 
-        // Remove the original entry from the NotAlias cache, if needed
+        // check to see if target entry exists
+        Dn newDn = renameContext.getNewDn();
+
+        if ( nexus.hasEntry( new EntryOperationContext( renameContext.getSession(), newDn ) ) )
+        {
+            LdapEntryAlreadyExistsException e;
+            e = new LdapEntryAlreadyExistsException( I18n.err( I18n.ERR_250_ENTRY_ALREADY_EXISTS, newDn.getName() ) );
+            //e.setResolvedName( DNFactory.create( newDn.getName() ) );
+            throw e;
+        }
+
+        // Remove the previous entry from the notAnAlias cache
         synchronized ( notAliasCache )
         {
-            if ( notAliasCache.containsKey( oldDn.getNormName() ) )
+            if ( notAliasCache.containsKey( dn.getNormName() ) )
             {
-                notAliasCache.remove( oldDn.getNormName() );
+                notAliasCache.remove( dn.getNormName() );
             }
         }
 
-        next( moveAndRenameContext );
+        next( renameContext );
     }
 
 

Modified: directory/apacheds/trunk/interceptors/hash/src/main/java/org/apache/directory/server/core/hash/PasswordHashingInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/hash/src/main/java/org/apache/directory/server/core/hash/PasswordHashingInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/hash/src/main/java/org/apache/directory/server/core/hash/PasswordHashingInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/hash/src/main/java/org/apache/directory/server/core/hash/PasswordHashingInterceptor.java Fri Nov 11 13:15:39 2011
@@ -63,7 +63,7 @@ public class PasswordHashingInterceptor 
      * Creates a new instance of PasswordHashingInterceptor which hashes the
      * incoming non-hashed password using the given algorithm.
      * If the password is found already hashed then it will skip hashing it.
-     *  
+     * 
      * @param algorithm the name of the algorithm to be used
      */
     public PasswordHashingInterceptor( LdapSecurityConstants algorithm )
@@ -72,7 +72,9 @@ public class PasswordHashingInterceptor 
     }
 
 
-    @Override
+    /**
+     * {@inheritDoc}
+     */
     public void add( AddOperationContext addContext ) throws LdapException
     {
         if ( algorithm == null )
@@ -91,7 +93,9 @@ public class PasswordHashingInterceptor 
     }
 
 
-    @Override
+    /**
+     * {@inheritDoc}
+     */
     public void modify( ModifyOperationContext modifyContext ) throws LdapException
     {
         if ( algorithm == null )
@@ -106,7 +110,7 @@ public class PasswordHashingInterceptor 
         {
             String oid = mod.getAttribute().getAttributeType().getOid();
 
-            // check for modification on 'userPassword' AT 
+            // check for modification on 'userPassword' AT
             if ( SchemaConstants.USER_PASSWORD_AT_OID.equals( oid ) )
             {
                 includeHashedPassword( mod.getAttribute() );

Modified: directory/apacheds/trunk/interceptors/journal/src/main/java/org/apache/directory/server/core/journal/JournalInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/journal/src/main/java/org/apache/directory/server/core/journal/JournalInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/journal/src/main/java/org/apache/directory/server/core/journal/JournalInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/journal/src/main/java/org/apache/directory/server/core/journal/JournalInterceptor.java Fri Nov 11 13:15:39 2011
@@ -239,7 +239,7 @@ public class JournalInterceptor extends 
     /**
      * {@inheritDoc}
      */
-    public void rename ( RenameOperationContext renameContext ) throws LdapException
+    public void move( MoveOperationContext moveContext ) throws LdapException
     {
         long opRevision = 0;
 
@@ -247,19 +247,18 @@ public class JournalInterceptor extends 
         {
             opRevision = revision.incrementAndGet();
 
-            // Store the renamed entry
+            // Store the moved entry
             LdifEntry ldif = new LdifEntry();
-            ldif.setChangeType( ChangeType.ModRdn );
-            ldif.setDn( renameContext.getDn() );
-            ldif.setNewRdn( renameContext.getNewRdn().getNormName() );
-            ldif.setDeleteOldRdn( renameContext.getDeleteOldRdn() );
+            ldif.setChangeType( ChangeType.ModDn );
+            ldif.setDn( moveContext.getDn() );
+            ldif.setNewSuperior( moveContext.getNewSuperior().getNormName() );
 
-            journal.log( getPrincipal( renameContext ), opRevision, ldif );
+            journal.log( getPrincipal( moveContext ), opRevision, ldif );
         }
 
         try
         {
-            next( renameContext );
+            next( moveContext );
 
             if ( journalEnabled )
             {
@@ -328,7 +327,7 @@ public class JournalInterceptor extends 
     /**
      * {@inheritDoc}
      */
-    public void move( MoveOperationContext moveContext ) throws LdapException
+    public void rename( RenameOperationContext renameContext ) throws LdapException
     {
         long opRevision = 0;
 
@@ -336,18 +335,19 @@ public class JournalInterceptor extends 
         {
             opRevision = revision.incrementAndGet();
 
-            // Store the moved entry
+            // Store the renamed entry
             LdifEntry ldif = new LdifEntry();
-            ldif.setChangeType( ChangeType.ModDn );
-            ldif.setDn( moveContext.getDn() );
-            ldif.setNewSuperior( moveContext.getNewSuperior().getNormName() );
+            ldif.setChangeType( ChangeType.ModRdn );
+            ldif.setDn( renameContext.getDn() );
+            ldif.setNewRdn( renameContext.getNewRdn().getNormName() );
+            ldif.setDeleteOldRdn( renameContext.getDeleteOldRdn() );
 
-            journal.log( getPrincipal( moveContext ), opRevision, ldif );
+            journal.log( getPrincipal( renameContext ), opRevision, ldif );
         }
 
         try
         {
-            next( moveContext );
+            next( renameContext );
 
             if ( journalEnabled )
             {

Modified: directory/apacheds/trunk/interceptors/logger/src/main/java/org/apache/directory/server/core/logger/TimerInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/logger/src/main/java/org/apache/directory/server/core/logger/TimerInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/logger/src/main/java/org/apache/directory/server/core/logger/TimerInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/logger/src/main/java/org/apache/directory/server/core/logger/TimerInterceptor.java Fri Nov 11 13:15:39 2011
@@ -142,6 +142,31 @@ public class TimerInterceptor extends Ba
     /**
      * {@inheritDoc}
      */
+    public void init( DirectoryService directoryService ) throws LdapException
+    {
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public void destroy()
+    {
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public String getName()
+    {
+        return name;
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
     public void add( AddOperationContext addContext ) throws LdapException
     {
         long t0 = System.nanoTime();
@@ -256,23 +281,6 @@ public class TimerInterceptor extends Ba
     /**
      * {@inheritDoc}
      */
-    public void destroy()
-    {
-    }
-
-
-    /**
-     * {@inheritDoc}
-     */
-    public String getName()
-    {
-        return name;
-    }
-
-
-    /**
-     * {@inheritDoc}
-     */
     public Entry getRootDSE( GetRootDSEOperationContext getRootDseContext ) throws LdapException
     {
         long t0 = System.nanoTime();
@@ -333,14 +341,6 @@ public class TimerInterceptor extends Ba
     /**
      * {@inheritDoc}
      */
-    public void init( DirectoryService directoryService ) throws LdapException
-    {
-    }
-
-
-    /**
-     * {@inheritDoc}
-     */
     public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
     {
         long t0 = System.nanoTime();

Modified: directory/apacheds/trunk/interceptors/normalization/src/main/java/org/apache/directory/server/core/normalization/NormalizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/normalization/src/main/java/org/apache/directory/server/core/normalization/NormalizationInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/normalization/src/main/java/org/apache/directory/server/core/normalization/NormalizationInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/normalization/src/main/java/org/apache/directory/server/core/normalization/NormalizationInterceptor.java Fri Nov 11 13:15:39 2011
@@ -118,6 +118,49 @@ public class NormalizationInterceptor ex
     /**
      * {@inheritDoc}
      */
+    public void bind( BindOperationContext bindContext ) throws LdapException
+    {
+        bindContext.getDn().apply( schemaManager );
+        next( bindContext );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean compare( CompareOperationContext compareContext ) throws LdapException
+    {
+        if ( !compareContext.getDn().isSchemaAware() )
+        {
+            compareContext.getDn().apply( schemaManager );
+        }
+
+        // Get the attributeType from the OID
+        try
+        {
+            AttributeType attributeType = schemaManager.lookupAttributeTypeRegistry( compareContext.getOid() );
+
+            // Translate the value from binary to String if the AT is HR
+            if ( attributeType.getSyntax().isHumanReadable() && ( !compareContext.getValue().isHumanReadable() ) )
+            {
+                String value = compareContext.getValue().getString();
+                compareContext.setValue( new StringValue( value ) );
+            }
+
+            compareContext.setAttributeType( attributeType );
+        }
+        catch ( LdapException le )
+        {
+            throw new LdapInvalidAttributeTypeException( I18n.err( I18n.ERR_266, compareContext.getOid() ) );
+        }
+
+        return next( compareContext );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
     public void delete( DeleteOperationContext deleteContext ) throws LdapException
     {
         Dn dn = deleteContext.getDn();
@@ -134,47 +177,64 @@ public class NormalizationInterceptor ex
     /**
      * {@inheritDoc}
      */
-    public void modify( ModifyOperationContext modifyContext ) throws LdapException
+    public boolean hasEntry( EntryOperationContext hasEntryContext ) throws LdapException
     {
-        if ( !modifyContext.getDn().isSchemaAware() )
-        {
-            modifyContext.getDn().apply( schemaManager );
-        }
+        hasEntryContext.getDn().apply( schemaManager );
 
-        if ( modifyContext.getModItems() != null )
-        {
-            for ( Modification modification : modifyContext.getModItems() )
-            {
-                AttributeType attributeType = schemaManager.getAttributeType( modification.getAttribute().getId() );
-                modification.apply( attributeType );
-            }
-        }
+        return next( hasEntryContext );
+    }
 
-        next( modifyContext );
+
+    /**
+     * {@inheritDoc}
+     */
+    public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
+    {
+        listContext.getDn().apply( schemaManager );
+
+        return next( listContext );
     }
 
 
     /**
      * {@inheritDoc}
      */
-    public void rename( RenameOperationContext renameContext ) throws LdapException
+    public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
     {
-        // Normalize the new Rdn and the Dn if needed
+        lookupContext.getDn().apply( schemaManager );
 
-        if ( !renameContext.getDn().isSchemaAware() )
+        List<String> attrIds = lookupContext.getAttrsId();
+
+        if ( ( attrIds != null ) && ( attrIds.size() > 0 ) )
         {
-            renameContext.getDn().apply( schemaManager );
+            // We have to normalize the requested IDs
+            lookupContext.setAttrsId( normalizeAttrsId( lookupContext.getAttrsIdArray() ) );
         }
 
-        renameContext.getNewRdn().apply( schemaManager );
+        return next( lookupContext );
+    }
 
-        if ( !renameContext.getNewDn().isSchemaAware() )
+
+    /**
+     * {@inheritDoc}
+     */
+    public void modify( ModifyOperationContext modifyContext ) throws LdapException
+    {
+        if ( !modifyContext.getDn().isSchemaAware() )
         {
-            renameContext.getNewDn().apply( schemaManager );
+            modifyContext.getDn().apply( schemaManager );
         }
 
-        // Push to the next interceptor
-        next( renameContext );
+        if ( modifyContext.getModItems() != null )
+        {
+            for ( Modification modification : modifyContext.getModItems() )
+            {
+                AttributeType attributeType = schemaManager.getAttributeType( modification.getAttribute().getId() );
+                modification.apply( attributeType );
+            }
+        }
+
+        next( modifyContext );
     }
 
 
@@ -244,6 +304,30 @@ public class NormalizationInterceptor ex
     /**
      * {@inheritDoc}
      */
+    public void rename( RenameOperationContext renameContext ) throws LdapException
+    {
+        // Normalize the new Rdn and the Dn if needed
+
+        if ( !renameContext.getDn().isSchemaAware() )
+        {
+            renameContext.getDn().apply( schemaManager );
+        }
+
+        renameContext.getNewRdn().apply( schemaManager );
+
+        if ( !renameContext.getNewDn().isSchemaAware() )
+        {
+            renameContext.getNewDn().apply( schemaManager );
+        }
+
+        // Push to the next interceptor
+        next( renameContext );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
     public EntryFilteringCursor search( SearchOperationContext searchContext ) throws LdapException
     {
         Dn dn = searchContext.getDn();
@@ -282,28 +366,6 @@ public class NormalizationInterceptor ex
     /**
      * {@inheritDoc}
      */
-    public boolean hasEntry( EntryOperationContext hasEntryContext ) throws LdapException
-    {
-        hasEntryContext.getDn().apply( schemaManager );
-
-        return next( hasEntryContext );
-    }
-
-
-    /**
-     * {@inheritDoc}
-     */
-    public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
-    {
-        listContext.getDn().apply( schemaManager );
-
-        return next( listContext );
-    }
-
-
-    /**
-     * {@inheritDoc}
-     */
     private String[] normalizeAttrsId( String[] attrIds ) throws LdapException
     {
         if ( attrIds == null )
@@ -324,72 +386,10 @@ public class NormalizationInterceptor ex
     }
 
 
-    /**
-     * {@inheritDoc}
-     */
-    public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
-    {
-        lookupContext.getDn().apply( schemaManager );
-
-        List<String> attrIds = lookupContext.getAttrsId();
-
-        if ( ( attrIds != null ) && ( attrIds.size() > 0 ) )
-        {
-            // We have to normalize the requested IDs
-            lookupContext.setAttrsId( normalizeAttrsId( lookupContext.getAttrsIdArray() ) );
-        }
-
-        return next( lookupContext );
-    }
-
-
     // ------------------------------------------------------------------------
     // Normalize all Name based arguments for other interface operations
     // ------------------------------------------------------------------------
     /**
-     * {@inheritDoc}
-     */
-    public boolean compare( CompareOperationContext compareContext ) throws LdapException
-    {
-        if ( !compareContext.getDn().isSchemaAware() )
-        {
-            compareContext.getDn().apply( schemaManager );
-        }
-
-        // Get the attributeType from the OID
-        try
-        {
-            AttributeType attributeType = schemaManager.lookupAttributeTypeRegistry( compareContext.getOid() );
-
-            // Translate the value from binary to String if the AT is HR
-            if ( attributeType.getSyntax().isHumanReadable() && ( !compareContext.getValue().isHumanReadable() ) )
-            {
-                String value = compareContext.getValue().getString();
-                compareContext.setValue( new StringValue( value ) );
-            }
-
-            compareContext.setAttributeType( attributeType );
-        }
-        catch ( LdapException le )
-        {
-            throw new LdapInvalidAttributeTypeException( I18n.err( I18n.ERR_266, compareContext.getOid() ) );
-        }
-
-        return next( compareContext );
-    }
-
-
-    /**
-     * {@inheritDoc}
-     */
-    public void bind( BindOperationContext bindContext ) throws LdapException
-    {
-        bindContext.getDn().apply( schemaManager );
-        next( bindContext );
-    }
-
-
-    /**
      * Adds missing Rdn's attributes and values to the entry.
      *
      * @param dn the Dn

Modified: directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java Fri Nov 11 13:15:39 2011
@@ -79,6 +79,16 @@ public class OperationalAttributeInterce
     /** The LoggerFactory used by this Interceptor */
     private static Logger LOG = LoggerFactory.getLogger( OperationalAttributeInterceptor.class );
 
+    private final EntryFilter DENORMALIZING_SEARCH_FILTER = new OperationalAttributeDenormalizingSearchFilter();
+
+    private final EntryFilter SEARCH_FILTER = new OperationalAttributeSearchFilter();
+
+    /** The subschemasubentry Dn */
+    private Dn subschemaSubentryDn;
+
+    /** The admin Dn */
+    private Dn adminDn;
+
     /**
      * the search result filter to use for collective attribute injection
      */
@@ -94,8 +104,7 @@ public class OperationalAttributeInterce
             return filterDenormalized( entry );
         }
     }
-
-    private final EntryFilter DENORMALIZING_SEARCH_FILTER = new OperationalAttributeDenormalizingSearchFilter();
+    
 
     /**
      * the database search result filter to register with filter service
@@ -108,15 +117,8 @@ public class OperationalAttributeInterce
                 || filterOperationalAttributes( entry );
         }
     }
-
-    private final EntryFilter SEARCH_FILTER = new OperationalAttributeSearchFilter();
-
-    /** The subschemasubentry Dn */
-    private Dn subschemaSubentryDn;
-
-    /** The admin Dn */
-    private Dn adminDn;
-
+    
+    
     /**
      * Creates the operational attribute management service interceptor.
      */
@@ -179,6 +181,9 @@ public class OperationalAttributeInterce
      * - entryCSN
      * - entryUUID
      */
+    /**
+     * {@inheritDoc}
+     */
     public void add( AddOperationContext addContext ) throws LdapException
     {
         String principal = getPrincipal( addContext ).getName();
@@ -234,6 +239,40 @@ public class OperationalAttributeInterce
     /**
      * {@inheritDoc}
      */
+    public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
+    {
+        EntryFilteringCursor cursor = next( listContext );
+        cursor.addEntryFilter( SEARCH_FILTER );
+
+        return cursor;
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
+    {
+        Entry result = next( lookupContext );
+
+        if ( lookupContext.getAttrsId() == null )
+        {
+            filterOperationalAttributes( result );
+        }
+        else if ( !lookupContext.hasAllOperational() )
+        {
+            filter( lookupContext, result );
+        }
+
+        denormalizeEntryOpAttrs( result );
+
+        return result;
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
     public void modify( ModifyOperationContext modifyContext ) throws LdapException
     {
         // We must check that the user hasn't injected either the modifiersName
@@ -343,22 +382,6 @@ public class OperationalAttributeInterce
     }
 
 
-    public void rename( RenameOperationContext renameContext ) throws LdapException
-    {
-        Entry entry = ( ( ClonedServerEntry ) renameContext.getEntry() ).getClonedEntry();
-        entry.put( SchemaConstants.MODIFIERS_NAME_AT, getPrincipal( renameContext ).getName() );
-        entry.put( SchemaConstants.MODIFY_TIMESTAMP_AT, DateUtils.getGeneralizedTime() );
-
-        Entry modifiedEntry = renameContext.getOriginalEntry().clone();
-        modifiedEntry.put( SchemaConstants.MODIFIERS_NAME_AT, getPrincipal( renameContext ).getName() );
-        modifiedEntry.put( SchemaConstants.MODIFY_TIMESTAMP_AT, DateUtils.getGeneralizedTime() );
-        //modifiedEntry.setDn( renameContext.getNewDn() );
-        renameContext.setModifiedEntry( modifiedEntry );
-
-        next( renameContext );
-    }
-
-
     /**
      * {@inheritDoc}
      */
@@ -374,6 +397,9 @@ public class OperationalAttributeInterce
     }
 
 
+    /**
+     * {@inheritDoc}
+     */
     public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
     {
         Entry modifiedEntry = moveAndRenameContext.getOriginalEntry().clone();
@@ -386,34 +412,28 @@ public class OperationalAttributeInterce
     }
 
 
-    public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
+    /**
+     * {@inheritDoc}
+     */
+    public void rename( RenameOperationContext renameContext ) throws LdapException
     {
-        Entry result = next( lookupContext );
-
-        if ( lookupContext.getAttrsId() == null )
-        {
-            filterOperationalAttributes( result );
-        }
-        else if ( !lookupContext.hasAllOperational() )
-        {
-            filter( lookupContext, result );
-        }
-
-        denormalizeEntryOpAttrs( result );
-
-        return result;
-    }
-
+        Entry entry = ( ( ClonedServerEntry ) renameContext.getEntry() ).getClonedEntry();
+        entry.put( SchemaConstants.MODIFIERS_NAME_AT, getPrincipal( renameContext ).getName() );
+        entry.put( SchemaConstants.MODIFY_TIMESTAMP_AT, DateUtils.getGeneralizedTime() );
 
-    public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
-    {
-        EntryFilteringCursor cursor = next( listContext );
-        cursor.addEntryFilter( SEARCH_FILTER );
+        Entry modifiedEntry = renameContext.getOriginalEntry().clone();
+        modifiedEntry.put( SchemaConstants.MODIFIERS_NAME_AT, getPrincipal( renameContext ).getName() );
+        modifiedEntry.put( SchemaConstants.MODIFY_TIMESTAMP_AT, DateUtils.getGeneralizedTime() );
+        //modifiedEntry.setDn( renameContext.getNewDn() );
+        renameContext.setModifiedEntry( modifiedEntry );
 
-        return cursor;
+        next( renameContext );
     }
 
 
+    /**
+     * {@inheritDoc}
+     */
     public EntryFilteringCursor search( SearchOperationContext searchContext ) throws LdapException
     {
         EntryFilteringCursor cursor = next( searchContext );

Modified: directory/apacheds/trunk/interceptors/referral/src/main/java/org/apache/directory/server/core/referral/ReferralInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/referral/src/main/java/org/apache/directory/server/core/referral/ReferralInterceptor.java?rev=1200870&r1=1200869&r2=1200870&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/referral/src/main/java/org/apache/directory/server/core/referral/ReferralInterceptor.java (original)
+++ directory/apacheds/trunk/interceptors/referral/src/main/java/org/apache/directory/server/core/referral/ReferralInterceptor.java Fri Nov 11 13:15:39 2011
@@ -224,6 +224,9 @@ public class ReferralInterceptor extends
      * entryAlreadyExists error.
      * 
      */
+    /**
+     * {@inheritDoc}
+     */
     public void add( AddOperationContext addContext ) throws LdapException
     {
         Entry entry = addContext.getEntry();
@@ -260,6 +263,9 @@ public class ReferralInterceptor extends
      * 
      * If the entry does not exist in the server, we will get a NoSuchObject error
      */
+    /**
+     * {@inheritDoc}
+     */
     public void delete( DeleteOperationContext deleteContext ) throws LdapException
     {
         // First delete the entry into the server
@@ -283,6 +289,52 @@ public class ReferralInterceptor extends
 
     /**
      * {@inheritDoc}
+     */
+    public void modify( ModifyOperationContext modifyContext ) throws LdapException
+    {
+        Dn dn = modifyContext.getDn();
+
+        // handle a normal modify without following referrals
+        next( modifyContext );
+
+        // Check if we are trying to modify the schema or the rootDSE,
+        // if so, we don't modify the referralManager
+        if ( dn.isEmpty() || dn.equals( subschemaSubentryDn ) )
+        {
+            // Do nothing
+            return;
+        }
+
+        // Update the referralManager. We have to read the entry again
+        // as it has been modified, before updating the ReferralManager
+        // TODO: this can be spare, as we already have the altered entry
+        // into the opContext, but for an unknow reason, this will fail
+        // on eferral tests...
+        LookupOperationContext lookupContext = new LookupOperationContext( modifyContext.getSession(), dn );
+        lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+
+        Entry newEntry = nexus.lookup( lookupContext );
+
+        // Update the referralManager.
+        // Check that we have the entry, just in case
+        // TODO : entries should be locked until the operation is done on it.
+        if ( newEntry != null )
+        {
+            referralManager.lockWrite();
+
+            if ( referralManager.isReferral( newEntry.getDn() ) )
+            {
+                referralManager.removeReferral( modifyContext.getEntry() );
+                referralManager.addReferral( newEntry );
+            }
+
+            referralManager.unlock();
+        }
+    }
+
+
+    /**
+     * {@inheritDoc}
      **/
     public void move( MoveOperationContext moveContext ) throws LdapException
     {
@@ -358,50 +410,4 @@ public class ReferralInterceptor extends
             referralManager.unlock();
         }
     }
-
-
-    /**
-     * Modify an entry in the server.
-     */
-    public void modify( ModifyOperationContext modifyContext ) throws LdapException
-    {
-        Dn dn = modifyContext.getDn();
-
-        // handle a normal modify without following referrals
-        next( modifyContext );
-
-        // Check if we are trying to modify the schema or the rootDSE,
-        // if so, we don't modify the referralManager
-        if ( dn.isEmpty() || dn.equals( subschemaSubentryDn ) )
-        {
-            // Do nothing
-            return;
-        }
-
-        // Update the referralManager. We have to read the entry again
-        // as it has been modified, before updating the ReferralManager
-        // TODO: this can be spare, as we already have the altered entry
-        // into the opContext, but for an unknow reason, this will fail
-        // on eferral tests...
-        LookupOperationContext lookupContext = new LookupOperationContext( modifyContext.getSession(), dn );
-        lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
-
-        Entry newEntry = nexus.lookup( lookupContext );
-
-        // Update the referralManager.
-        // Check that we have the entry, just in case
-        // TODO : entries should be locked until the operation is done on it.
-        if ( newEntry != null )
-        {
-            referralManager.lockWrite();
-
-            if ( referralManager.isReferral( newEntry.getDn() ) )
-            {
-                referralManager.removeReferral( modifyContext.getEntry() );
-                referralManager.addReferral( newEntry );
-            }
-
-            referralManager.unlock();
-        }
-    }
 }



Mime
View raw message