directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1201297 [6/9] - in /directory/apacheds/branches/apacheds-txns: all/ apache-felix/ core-annotations/ core-api/ core-api/src/main/java/org/apache/directory/server/core/api/ core-api/src/main/java/org/apache/directory/server/core/api/intercep...
Date Sat, 12 Nov 2011 18:24:43 GMT
Modified: directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java?rev=1201297&r1=1201296&r2=1201297&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java (original)
+++ directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java Sat Nov 12 18:24:38 2011
@@ -31,21 +31,19 @@ import java.util.Set;
 import javax.naming.directory.SearchControls;
 
 import org.apache.directory.server.constants.ServerDNConstants;
-import org.apache.directory.server.core.shared.DefaultCoreSession;
-import org.apache.directory.server.core.api.subtree.SubentryUtils;
 import org.apache.directory.server.core.api.CoreSession;
 import org.apache.directory.server.core.api.DirectoryService;
+import org.apache.directory.server.core.api.InterceptorEnum;
 import org.apache.directory.server.core.api.LdapPrincipal;
 import org.apache.directory.server.core.api.entry.ClonedServerEntry;
 import org.apache.directory.server.core.api.entry.ServerEntryUtils;
 import org.apache.directory.server.core.api.filtering.EntryFilter;
 import org.apache.directory.server.core.api.filtering.EntryFilteringCursor;
 import org.apache.directory.server.core.api.interceptor.BaseInterceptor;
-import org.apache.directory.server.core.api.interceptor.NextInterceptor;
 import org.apache.directory.server.core.api.interceptor.context.AddOperationContext;
 import org.apache.directory.server.core.api.interceptor.context.CompareOperationContext;
 import org.apache.directory.server.core.api.interceptor.context.DeleteOperationContext;
-import org.apache.directory.server.core.api.interceptor.context.EntryOperationContext;
+import org.apache.directory.server.core.api.interceptor.context.HasEntryOperationContext;
 import org.apache.directory.server.core.api.interceptor.context.ListOperationContext;
 import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext;
 import org.apache.directory.server.core.api.interceptor.context.ModifyOperationContext;
@@ -56,8 +54,10 @@ import org.apache.directory.server.core.
 import org.apache.directory.server.core.api.interceptor.context.SearchOperationContext;
 import org.apache.directory.server.core.api.interceptor.context.SearchingOperationContext;
 import org.apache.directory.server.core.api.partition.PartitionNexus;
+import org.apache.directory.server.core.api.subtree.SubentryUtils;
 import org.apache.directory.server.core.authz.support.ACDFEngine;
 import org.apache.directory.server.core.authz.support.AciContext;
+import org.apache.directory.server.core.shared.DefaultCoreSession;
 import org.apache.directory.server.i18n.I18n;
 import org.apache.directory.shared.ldap.aci.ACIItem;
 import org.apache.directory.shared.ldap.aci.ACIItemParser;
@@ -169,6 +169,15 @@ public class AciAuthorizationInterceptor
     /** The SubentryUtils instance */
     private static SubentryUtils subentryUtils;
 
+    
+    /**
+     * Create a AciAuthorizationInterceptor instance
+     */
+    public AciAuthorizationInterceptor()
+    {
+        super( InterceptorEnum.ACI_AUTHORIZATION_INTERCEPTOR );
+    }
+    
 
     /**
      * Load the Tuples into the cache
@@ -288,7 +297,7 @@ public class AciAuthorizationInterceptor
         engine = new ACDFEngine( schemaManager );
 
         // stuff for dealing with subentries (garbage for now)
-        Value<?> subschemaSubentry = directoryService.getPartitionNexus().getRootDSE( null ).get(
+        Value<?> subschemaSubentry = directoryService.getPartitionNexus().getRootDse( null ).get(
             SchemaConstants.SUBSCHEMA_SUBENTRY_AT ).get();
         Dn subschemaSubentryDnName = directoryService.getDnFactory().create( subschemaSubentry.getString() );
         subschemaSubentryDn = subschemaSubentryDnName.getNormName();
@@ -499,14 +508,16 @@ public class AciAuthorizationInterceptor
      * operation.
      * -------------------------------------------------------------------------------
      */
-
-    public void add( NextInterceptor next, AddOperationContext addContext ) throws LdapException
+    /**
+     * {@inheritDoc}
+     */
+    public void add( AddOperationContext addContext ) throws LdapException
     {
         // bypass authz code if it was disabled
         if ( !directoryService.isAccessControlEnabled() )
         {
             ACI_LOG.debug( "ACI interceptor disabled" );
-            next.add( addContext );
+            next( addContext );
             return;
         }
 
@@ -525,7 +536,7 @@ public class AciAuthorizationInterceptor
         {
             ACI_LOG.debug( "Addition done by the administartor : no check" );
 
-            next.add( addContext );
+            next( addContext );
             tupleCache.subentryAdded( dn, serverEntry );
             groupCache.groupAdded( dn, serverEntry );
             return;
@@ -581,7 +592,7 @@ public class AciAuthorizationInterceptor
         }
 
         // if we've gotten this far then access has been granted
-        next.add( addContext );
+        next( addContext );
 
         // if the entry added is a subentry or a groupOf[Unique]Names we must
         // update the ACITuple cache and the groups cache to keep them in sync
@@ -590,12 +601,63 @@ public class AciAuthorizationInterceptor
     }
 
 
-    private boolean isTheAdministrator( Dn normalizedDn )
+    /**
+     * {@inheritDoc}
+     */
+    public boolean compare( CompareOperationContext compareContext ) throws LdapException
     {
-        return normalizedDn.getNormName().equals( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
+        CoreSession session = compareContext.getSession();
+        Dn dn = compareContext.getDn();
+        String oid = compareContext.getOid();
+
+        Entry entry = compareContext.getOriginalEntry();
+
+        LdapPrincipal principal = session.getEffectivePrincipal();
+        Dn principalDn = principal.getDn();
+
+        if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
+        {
+            return next( compareContext );
+        }
+
+        Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
+        Collection<ACITuple> tuples = new HashSet<ACITuple>();
+        addPerscriptiveAciTuples( compareContext, tuples, dn, entry );
+        addEntryAciTuples( tuples, entry );
+        addSubentryAciTuples( compareContext, tuples, dn, entry );
+
+        AciContext aciContext = new AciContext( schemaManager, compareContext );
+        aciContext.setUserGroupNames( userGroups );
+        aciContext.setUserDn( principalDn );
+        aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
+        aciContext.setEntryDn( dn );
+        aciContext.setMicroOperations( READ_PERMS );
+        aciContext.setAciTuples( tuples );
+        aciContext.setEntry( entry );
+
+        engine.checkPermission( aciContext );
+
+        AttributeType attributeType = schemaManager.lookupAttributeTypeRegistry( oid );
+
+        aciContext = new AciContext( schemaManager, compareContext );
+        aciContext.setUserGroupNames( userGroups );
+        aciContext.setUserDn( principalDn );
+        aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
+        aciContext.setEntryDn( dn );
+        aciContext.setAttributeType( attributeType );
+        aciContext.setMicroOperations( COMPARE_PERMS );
+        aciContext.setAciTuples( tuples );
+        aciContext.setEntry( entry );
+
+        engine.checkPermission( aciContext );
+
+        return next( compareContext );
     }
 
 
+    /**
+     * {@inheritDoc}
+     */
     public void delete( DeleteOperationContext deleteContext ) throws LdapException
     {
         CoreSession session = deleteContext.getSession();
@@ -650,9 +712,118 @@ public class AciAuthorizationInterceptor
     }
 
 
-    // False positive, we want to keep the comment
-    @SuppressWarnings("PMD.CollapsibleIfStatements")
-    public void modify( NextInterceptor next, ModifyOperationContext modifyContext ) throws LdapException
+    /**
+     * {@inheritDoc}
+     */
+    public boolean hasEntry( HasEntryOperationContext hasEntryContext ) throws LdapException
+    {
+        Dn dn = hasEntryContext.getDn();
+
+        if ( !directoryService.isAccessControlEnabled() )
+        {
+            return ( dn.isRootDse() || next( hasEntryContext ) );
+        }
+
+        boolean answer = next( hasEntryContext );
+
+        // no checks on the RootDSE
+        if ( dn.isRootDse() )
+        {
+            // No need to go down to the stack, if the dn is empty
+            // It's the rootDSE, and it exists !
+            return answer;
+        }
+
+        CoreSession session = hasEntryContext.getSession();
+
+        // TODO - eventually replace this with a check on session.isAnAdministrator()
+        LdapPrincipal principal = session.getEffectivePrincipal();
+        Dn principalDn = principal.getDn();
+
+        if ( isPrincipalAnAdministrator( principalDn ) )
+        {
+            return answer;
+        }
+
+        LookupOperationContext lookupContext = new LookupOperationContext( session, dn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+        Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
+
+        Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
+        Collection<ACITuple> tuples = new HashSet<ACITuple>();
+        addPerscriptiveAciTuples( hasEntryContext, tuples, dn, entry );
+        addEntryAciTuples( tuples, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
+        addSubentryAciTuples( hasEntryContext, tuples, dn, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
+
+        // check that we have browse access to the entry
+        AciContext aciContext = new AciContext( schemaManager, hasEntryContext );
+        aciContext.setUserGroupNames( userGroups );
+        aciContext.setUserDn( principalDn );
+        aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
+        aciContext.setEntryDn( dn );
+        aciContext.setMicroOperations( BROWSE_PERMS );
+        aciContext.setAciTuples( tuples );
+        aciContext.setEntry( ((ClonedServerEntry)entry).getOriginalEntry() );
+
+        engine.checkPermission( aciContext );
+
+        return next( hasEntryContext );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
+    {
+        LdapPrincipal user = listContext.getSession().getEffectivePrincipal();
+        EntryFilteringCursor cursor = next( listContext );
+
+        if ( isPrincipalAnAdministrator( user.getDn() )
+            || !directoryService.isAccessControlEnabled() )
+        {
+            return cursor;
+        }
+
+        AuthorizationFilter authzFilter = new AuthorizationFilter();
+        cursor.addEntryFilter( authzFilter );
+
+        return cursor;
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
+    {
+        CoreSession session = lookupContext.getSession();
+
+        LdapPrincipal principal = session.getEffectivePrincipal();
+        Dn principalDn = principal.getDn();
+
+        if ( !principalDn.isSchemaAware() )
+        {
+            principalDn.apply( schemaManager );
+        }
+
+        // Bypass this interceptor if we disabled the AC subsystem or if the principal is the admin
+        if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
+        {
+            return next( lookupContext );
+        }
+
+        Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
+
+        checkLookupAccess( lookupContext, entry );
+
+        return entry;
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public void modify( ModifyOperationContext modifyContext ) throws LdapException
     {
         Dn dn = modifyContext.getDn();
 
@@ -665,7 +836,7 @@ public class AciAuthorizationInterceptor
         // bypass authz code if we are disabled
         if ( !directoryService.isAccessControlEnabled() )
         {
-            next.modify( modifyContext );
+            next( modifyContext );
             return;
         }
 
@@ -674,7 +845,7 @@ public class AciAuthorizationInterceptor
         // bypass authz code but manage caches if operation is performed by the admin
         if ( isPrincipalAnAdministrator( principalDn ) )
         {
-            next.modify( modifyContext );
+            next( modifyContext );
 
             /**
              * @TODO: A virtual entry can be created here for not hitting the backend again.
@@ -800,7 +971,7 @@ public class AciAuthorizationInterceptor
             }
         }
 
-        next.modify( modifyContext );
+        next( modifyContext );
         /**
          * @TODO: A virtual entry can be created here for not hitting the backend again.
          */
@@ -816,217 +987,101 @@ public class AciAuthorizationInterceptor
     /**
      * {@inheritDoc}
      */
-    public boolean hasEntry( EntryOperationContext hasEntryContext ) throws LdapException
+    public void move( MoveOperationContext moveContext ) throws LdapException
     {
-        Dn dn = hasEntryContext.getDn();
+        Dn oriChildName = moveContext.getDn();
 
-        if ( !directoryService.isAccessControlEnabled() )
-        {
-            return ( dn.isRootDSE() || next( hasEntryContext ) );
-        }
+        // Access the principal requesting the operation, and bypass checks if it is the admin
+        Entry entry = moveContext.getOriginalEntry();
+        CoreSession session = moveContext.getSession();
 
-        boolean answer = next( hasEntryContext );
+        Dn newDn = moveContext.getNewDn();
 
-        // no checks on the RootDSE
-        if ( dn.isRootDSE() )
+        LdapPrincipal principal = session.getEffectivePrincipal();
+        Dn principalDn = principal.getDn();
+
+        // bypass authz code if we are disabled
+        if ( !directoryService.isAccessControlEnabled() )
         {
-            // No need to go down to the stack, if the dn is empty
-            // It's the rootDSE, and it exists !
-            return answer;
+            next( moveContext );
+            return;
         }
 
-        CoreSession session = hasEntryContext.getSession();
-
-        // TODO - eventually replace this with a check on session.isAnAdministrator()
-        LdapPrincipal principal = session.getEffectivePrincipal();
-        Dn principalDn = principal.getDn();
+        protectCriticalEntries( moveContext, oriChildName );
 
+        // bypass authz code but manage caches if operation is performed by the admin
         if ( isPrincipalAnAdministrator( principalDn ) )
         {
-            return answer;
+            next( moveContext );
+            tupleCache.subentryRenamed( oriChildName, newDn );
+            groupCache.groupRenamed( oriChildName, newDn );
+            return;
         }
 
-        LookupOperationContext lookupContext = new LookupOperationContext( session, dn, SchemaConstants.ALL_ATTRIBUTES_ARRAY );
-        Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
-
         Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
         Collection<ACITuple> tuples = new HashSet<ACITuple>();
-        addPerscriptiveAciTuples( hasEntryContext, tuples, dn, entry );
-        addEntryAciTuples( tuples, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
-        addSubentryAciTuples( hasEntryContext, tuples, dn, ( ( ClonedServerEntry ) entry ).getOriginalEntry() );
+        addPerscriptiveAciTuples( moveContext, tuples, oriChildName, entry );
+        addEntryAciTuples( tuples, entry );
+        addSubentryAciTuples( moveContext, tuples, oriChildName, entry );
 
-        // check that we have browse access to the entry
-        AciContext aciContext = new AciContext( schemaManager, hasEntryContext );
+        AciContext aciContext = new AciContext( schemaManager, moveContext );
         aciContext.setUserGroupNames( userGroups );
         aciContext.setUserDn( principalDn );
         aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
-        aciContext.setEntryDn( dn );
-        aciContext.setMicroOperations( BROWSE_PERMS );
+        aciContext.setEntryDn( oriChildName );
+        aciContext.setMicroOperations( EXPORT_PERMS );
         aciContext.setAciTuples( tuples );
-        aciContext.setEntry( ((ClonedServerEntry)entry).getOriginalEntry() );
+        aciContext.setEntry( entry );
 
         engine.checkPermission( aciContext );
 
-        return next( hasEntryContext );
-    }
+        // Get the entry again without operational attributes
+        // because access control subentry operational attributes
+        // will not be valid at the new location.
+        // This will certainly be fixed by the SubentryInterceptor,
+        // but after this service.
+        LookupOperationContext lookupContext = new LookupOperationContext( session, oriChildName, SchemaConstants.ALL_USER_ATTRIBUTES_ARRAY );
+        Entry importedEntry = directoryService.getPartitionNexus().lookup( lookupContext );
 
+        // As the target entry does not exist yet and so
+        // its subentry operational attributes are not there,
+        // we need to construct an entry to represent it
+        // at least with minimal requirements which are object class
+        // and access control subentry operational attributes.
+        Entry subentryAttrs = subentryUtils.getSubentryAttributes( newDn, importedEntry );
 
-    /**
-     * Checks if the READ permissions exist to the entry and to each attribute type and
-     * value.
-     *
-     * @todo not sure if we should hide attribute types/values or throw an exception
-     * instead.  I think we're going to have to use a filter to restrict the return
-     * of attribute types and values instead of throwing an exception.  Lack of read
-     * perms to attributes and their values results in their removal when returning
-     * the entry.
-     *
-     * @param principal the user associated with the call
-     * @param dn the name of the entry being looked up
-     * @param entry the raw entry pulled from the nexus
-     * @throws Exception if undlying access to the DIT fails
-     */
-    private void checkLookupAccess( LookupOperationContext lookupContext, Entry entry ) throws LdapException
-    {
-        Dn dn = lookupContext.getDn();
-
-        // no permissions checks on the RootDSE
-        if ( dn.isRootDSE() )
+        for ( Attribute attribute : importedEntry )
         {
-            return;
+            subentryAttrs.put( attribute );
         }
 
-        LdapPrincipal principal = lookupContext.getSession().getEffectivePrincipal();
-        Dn userName = principal.getDn();
-        Set<Dn> userGroups = groupCache.getGroups( userName.getNormName() );
-        Collection<ACITuple> tuples = new HashSet<ACITuple>();
-        addPerscriptiveAciTuples( lookupContext, tuples, dn, entry );
-        addEntryAciTuples( tuples, entry );
-        addSubentryAciTuples( lookupContext, tuples, dn, entry );
+        Collection<ACITuple> destTuples = new HashSet<ACITuple>();
+        // Import permission is only valid for prescriptive ACIs
+        addPerscriptiveAciTuples( moveContext, destTuples, newDn, subentryAttrs );
 
-        // check that we have read access to the entry
-        AciContext aciContext = new AciContext( schemaManager, lookupContext );
+        // Evaluate the target context to see whether it
+        // allows an entry named newName to be imported as a subordinate.
+        aciContext = new AciContext( schemaManager, moveContext );
         aciContext.setUserGroupNames( userGroups );
-        aciContext.setUserDn( userName );
+        aciContext.setUserDn( principalDn );
         aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
-        aciContext.setEntryDn( dn );
-        aciContext.setMicroOperations( LOOKUP_PERMS );
-        aciContext.setAciTuples( tuples );
-        aciContext.setEntry( entry );
+        aciContext.setEntryDn( newDn );
+        aciContext.setMicroOperations( IMPORT_PERMS );
+        aciContext.setAciTuples( destTuples );
+        aciContext.setEntry( subentryAttrs );
 
         engine.checkPermission( aciContext );
 
-        // check that we have read access to every attribute type and value
-        for ( Attribute attribute : entry )
-        {
-
-            for ( Value<?> value : attribute )
-            {
-                AciContext valueAciContext = new AciContext( schemaManager, lookupContext );
-                valueAciContext.setUserGroupNames( userGroups );
-                valueAciContext.setUserDn( userName );
-                valueAciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
-                valueAciContext.setEntryDn( dn );
-                valueAciContext.setAttributeType( attribute.getAttributeType() );
-                valueAciContext.setAttrValue( value );
-                valueAciContext.setMicroOperations( READ_PERMS );
-                valueAciContext.setAciTuples( tuples );
-                valueAciContext.setEntry( entry );
-
-                engine.checkPermission( valueAciContext );
-            }
-        }
+        next( moveContext );
+        tupleCache.subentryRenamed( oriChildName, newDn );
+        groupCache.groupRenamed( oriChildName, newDn );
     }
 
 
     /**
      * {@inheritDoc}
      */
-    public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
-    {
-        CoreSession session = lookupContext.getSession();
-
-        LdapPrincipal principal = session.getEffectivePrincipal();
-        Dn principalDn = principal.getDn();
-
-        if ( !principalDn.isSchemaAware() )
-        {
-            principalDn.apply( schemaManager );
-        }
-
-        // Bypass this interceptor if we disabled the AC subsystem or if the principal is the admin
-        if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
-        {
-            return next( lookupContext );
-        }
-
-        Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
-
-        checkLookupAccess( lookupContext, entry );
-
-        return entry;
-    }
-
-
-    public void rename( NextInterceptor next, RenameOperationContext renameContext ) throws LdapException
-    {
-        Dn oldName = renameContext.getDn();
-        Entry originalEntry = null;
-
-        if ( renameContext.getEntry() != null )
-        {
-            originalEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
-        }
-
-        LdapPrincipal principal = renameContext.getSession().getEffectivePrincipal();
-        Dn principalDn = principal.getDn();
-        Dn newName = renameContext.getNewDn();
-
-        // bypass authz code if we are disabled
-        if ( !directoryService.isAccessControlEnabled() )
-        {
-            next.rename( renameContext );
-            return;
-        }
-
-        protectCriticalEntries( renameContext, oldName );
-
-        // bypass authz code but manage caches if operation is performed by the admin
-        if ( isPrincipalAnAdministrator( principalDn ) )
-        {
-            next.rename( renameContext );
-            tupleCache.subentryRenamed( oldName, newName );
-
-            // TODO : this method returns a boolean : what should we do with the result ?
-            groupCache.groupRenamed( oldName, newName );
-
-            return;
-        }
-
-        Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
-        Collection<ACITuple> tuples = new HashSet<ACITuple>();
-        addPerscriptiveAciTuples( renameContext, tuples, oldName, originalEntry );
-        addEntryAciTuples( tuples, originalEntry );
-        addSubentryAciTuples( renameContext, tuples, oldName, originalEntry );
-
-        AciContext aciContext = new AciContext( schemaManager, renameContext );
-        aciContext.setUserGroupNames( userGroups );
-        aciContext.setUserDn( principalDn );
-        aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
-        aciContext.setEntryDn( oldName );
-        aciContext.setMicroOperations( RENAME_PERMS );
-        aciContext.setAciTuples( tuples );
-        aciContext.setEntry( originalEntry );
-
-        engine.checkPermission( aciContext );
-
-        next.rename( renameContext );
-        tupleCache.subentryRenamed( oldName, newName );
-        groupCache.groupRenamed( oldName, newName );
-    }
-
-
-    public void moveAndRename( NextInterceptor next, MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
+    public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
     {
         Dn oldDn = moveAndRenameContext.getDn();
         CoreSession session = moveAndRenameContext.getSession();
@@ -1040,7 +1095,8 @@ public class AciAuthorizationInterceptor
         // bypass authz code if we are disabled
         if ( !directoryService.isAccessControlEnabled() )
         {
-            next.moveAndRename( moveAndRenameContext );
+            next( moveAndRenameContext );
+
             return;
         }
 
@@ -1049,7 +1105,7 @@ public class AciAuthorizationInterceptor
         // bypass authz code but manage caches if operation is performed by the admin
         if ( isPrincipalAnAdministrator( principalDn ) )
         {
-            next.moveAndRename( moveAndRenameContext );
+            next( moveAndRenameContext );
             tupleCache.subentryRenamed( oldDn, newDn );
             groupCache.groupRenamed( oldDn, newDn );
 
@@ -1111,7 +1167,7 @@ public class AciAuthorizationInterceptor
 
         engine.checkPermission( aciContext );
 
-        next.moveAndRename( moveAndRenameContext );
+        next( moveAndRenameContext );
         tupleCache.subentryRenamed( oldDn, newDn );
         groupCache.groupRenamed( oldDn, newDn );
     }
@@ -1120,131 +1176,80 @@ public class AciAuthorizationInterceptor
     /**
      * {@inheritDoc}
      */
-    public void move( NextInterceptor next, MoveOperationContext moveContext ) throws LdapException
+    public void rename( RenameOperationContext renameContext ) throws LdapException
     {
-        Dn oriChildName = moveContext.getDn();
-
-        // Access the principal requesting the operation, and bypass checks if it is the admin
-        Entry entry = moveContext.getOriginalEntry();
-        CoreSession session = moveContext.getSession();
+        Dn oldName = renameContext.getDn();
+        Entry originalEntry = null;
 
-        Dn newDn = moveContext.getNewDn();
+        if ( renameContext.getEntry() != null )
+        {
+            originalEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
+        }
 
-        LdapPrincipal principal = session.getEffectivePrincipal();
+        LdapPrincipal principal = renameContext.getSession().getEffectivePrincipal();
         Dn principalDn = principal.getDn();
+        Dn newName = renameContext.getNewDn();
 
         // bypass authz code if we are disabled
         if ( !directoryService.isAccessControlEnabled() )
         {
-            next.move( moveContext );
+            next( renameContext );
             return;
         }
 
-        protectCriticalEntries( moveContext, oriChildName );
+        protectCriticalEntries( renameContext, oldName );
 
         // bypass authz code but manage caches if operation is performed by the admin
         if ( isPrincipalAnAdministrator( principalDn ) )
         {
-            next.move( moveContext );
-            tupleCache.subentryRenamed( oriChildName, newDn );
-            groupCache.groupRenamed( oriChildName, newDn );
+            next( renameContext );
+            tupleCache.subentryRenamed( oldName, newName );
+
+            // TODO : this method returns a boolean : what should we do with the result ?
+            groupCache.groupRenamed( oldName, newName );
+
             return;
         }
 
         Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
         Collection<ACITuple> tuples = new HashSet<ACITuple>();
-        addPerscriptiveAciTuples( moveContext, tuples, oriChildName, entry );
-        addEntryAciTuples( tuples, entry );
-        addSubentryAciTuples( moveContext, tuples, oriChildName, entry );
+        addPerscriptiveAciTuples( renameContext, tuples, oldName, originalEntry );
+        addEntryAciTuples( tuples, originalEntry );
+        addSubentryAciTuples( renameContext, tuples, oldName, originalEntry );
 
-        AciContext aciContext = new AciContext( schemaManager, moveContext );
+        AciContext aciContext = new AciContext( schemaManager, renameContext );
         aciContext.setUserGroupNames( userGroups );
         aciContext.setUserDn( principalDn );
         aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
-        aciContext.setEntryDn( oriChildName );
-        aciContext.setMicroOperations( EXPORT_PERMS );
+        aciContext.setEntryDn( oldName );
+        aciContext.setMicroOperations( RENAME_PERMS );
         aciContext.setAciTuples( tuples );
-        aciContext.setEntry( entry );
-
-        engine.checkPermission( aciContext );
-
-        // Get the entry again without operational attributes
-        // because access control subentry operational attributes
-        // will not be valid at the new location.
-        // This will certainly be fixed by the SubentryInterceptor,
-        // but after this service.
-        LookupOperationContext lookupContext = new LookupOperationContext( session, oriChildName, SchemaConstants.ALL_USER_ATTRIBUTES_ARRAY );
-        Entry importedEntry = directoryService.getPartitionNexus().lookup( lookupContext );
-
-        // As the target entry does not exist yet and so
-        // its subentry operational attributes are not there,
-        // we need to construct an entry to represent it
-        // at least with minimal requirements which are object class
-        // and access control subentry operational attributes.
-        Entry subentryAttrs = subentryUtils.getSubentryAttributes( newDn, importedEntry );
-
-        for ( Attribute attribute : importedEntry )
-        {
-            subentryAttrs.put( attribute );
-        }
-
-        Collection<ACITuple> destTuples = new HashSet<ACITuple>();
-        // Import permission is only valid for prescriptive ACIs
-        addPerscriptiveAciTuples( moveContext, destTuples, newDn, subentryAttrs );
-
-        // Evaluate the target context to see whether it
-        // allows an entry named newName to be imported as a subordinate.
-        aciContext = new AciContext( schemaManager, moveContext );
-        aciContext.setUserGroupNames( userGroups );
-        aciContext.setUserDn( principalDn );
-        aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
-        aciContext.setEntryDn( newDn );
-        aciContext.setMicroOperations( IMPORT_PERMS );
-        aciContext.setAciTuples( destTuples );
-        aciContext.setEntry( subentryAttrs );
+        aciContext.setEntry( originalEntry );
 
         engine.checkPermission( aciContext );
 
-        next.move( moveContext );
-        tupleCache.subentryRenamed( oriChildName, newDn );
-        groupCache.groupRenamed( oriChildName, newDn );
+        next( renameContext );
+        tupleCache.subentryRenamed( oldName, newName );
+        groupCache.groupRenamed( oldName, newName );
     }
 
 
     /**
      * {@inheritDoc}
      */
-    public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
-    {
-        LdapPrincipal user = listContext.getSession().getEffectivePrincipal();
-        EntryFilteringCursor cursor = next( listContext );
-
-        if ( isPrincipalAnAdministrator( user.getDn() )
-            || !directoryService.isAccessControlEnabled() )
-        {
-            return cursor;
-        }
-
-        AuthorizationFilter authzFilter = new AuthorizationFilter();
-        cursor.addEntryFilter( authzFilter );
-
-        return cursor;
-    }
-
-
-    public EntryFilteringCursor search( NextInterceptor next, SearchOperationContext searchContext ) throws LdapException
+    public EntryFilteringCursor search( SearchOperationContext searchContext ) throws LdapException
     {
         LdapPrincipal user = searchContext.getSession().getEffectivePrincipal();
         Dn principalDn = user.getDn();
-        EntryFilteringCursor cursor = next.search( searchContext );
+        EntryFilteringCursor cursor = next( searchContext );
 
         boolean isSubschemaSubentryLookup = subschemaSubentryDn.equals( searchContext.getDn().getNormName() );
         SearchControls searchCtls = searchContext.getSearchControls();
-        boolean isRootDSELookup = searchContext.getDn().size() == 0
+        boolean isRootDseLookup = searchContext.getDn().size() == 0
             && searchCtls.getSearchScope() == SearchControls.OBJECT_SCOPE;
 
         if ( isPrincipalAnAdministrator( principalDn )
-            || !directoryService.isAccessControlEnabled() || isRootDSELookup
+            || !directoryService.isAccessControlEnabled() || isRootDseLookup
             || isSubschemaSubentryLookup )
         {
             return cursor;
@@ -1255,63 +1260,77 @@ public class AciAuthorizationInterceptor
     }
 
 
-    public final boolean isPrincipalAnAdministrator( Dn principalDn )
-    {
-        return groupCache.isPrincipalAnAdministrator( principalDn );
-    }
-
-
     /**
-     * {@inheritDoc}
+     * Checks if the READ permissions exist to the entry and to each attribute type and
+     * value.
+     *
+     * @todo not sure if we should hide attribute types/values or throw an exception
+     * instead.  I think we're going to have to use a filter to restrict the return
+     * of attribute types and values instead of throwing an exception.  Lack of read
+     * perms to attributes and their values results in their removal when returning
+     * the entry.
+     *
+     * @param principal the user associated with the call
+     * @param dn the name of the entry being looked up
+     * @param entry the raw entry pulled from the nexus
+     * @throws Exception if undlying access to the DIT fails
      */
-    public boolean compare( CompareOperationContext compareContext ) throws LdapException
+    private void checkLookupAccess( LookupOperationContext lookupContext, Entry entry ) throws LdapException
     {
-        CoreSession session = compareContext.getSession();
-        Dn dn = compareContext.getDn();
-        String oid = compareContext.getOid();
-
-        Entry entry = compareContext.getOriginalEntry();
-
-        LdapPrincipal principal = session.getEffectivePrincipal();
-        Dn principalDn = principal.getDn();
+        Dn dn = lookupContext.getDn();
 
-        if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() )
+        // no permissions checks on the RootDSE
+        if ( dn.isRootDse() )
         {
-            return next( compareContext );
+            return;
         }
 
-        Set<Dn> userGroups = groupCache.getGroups( principalDn.getNormName() );
+        LdapPrincipal principal = lookupContext.getSession().getEffectivePrincipal();
+        Dn userName = principal.getDn();
+        Set<Dn> userGroups = groupCache.getGroups( userName.getNormName() );
         Collection<ACITuple> tuples = new HashSet<ACITuple>();
-        addPerscriptiveAciTuples( compareContext, tuples, dn, entry );
+        addPerscriptiveAciTuples( lookupContext, tuples, dn, entry );
         addEntryAciTuples( tuples, entry );
-        addSubentryAciTuples( compareContext, tuples, dn, entry );
+        addSubentryAciTuples( lookupContext, tuples, dn, entry );
 
-        AciContext aciContext = new AciContext( schemaManager, compareContext );
+        // check that we have read access to the entry
+        AciContext aciContext = new AciContext( schemaManager, lookupContext );
         aciContext.setUserGroupNames( userGroups );
-        aciContext.setUserDn( principalDn );
+        aciContext.setUserDn( userName );
         aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
         aciContext.setEntryDn( dn );
-        aciContext.setMicroOperations( READ_PERMS );
+        aciContext.setMicroOperations( LOOKUP_PERMS );
         aciContext.setAciTuples( tuples );
         aciContext.setEntry( entry );
 
         engine.checkPermission( aciContext );
 
-        AttributeType attributeType = schemaManager.lookupAttributeTypeRegistry( oid );
+        // check that we have read access to every attribute type and value
+        for ( Attribute attribute : entry )
+        {
 
-        aciContext = new AciContext( schemaManager, compareContext );
-        aciContext.setUserGroupNames( userGroups );
-        aciContext.setUserDn( principalDn );
-        aciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
-        aciContext.setEntryDn( dn );
-        aciContext.setAttributeType( attributeType );
-        aciContext.setMicroOperations( COMPARE_PERMS );
-        aciContext.setAciTuples( tuples );
-        aciContext.setEntry( entry );
+            for ( Value<?> value : attribute )
+            {
+                AciContext valueAciContext = new AciContext( schemaManager, lookupContext );
+                valueAciContext.setUserGroupNames( userGroups );
+                valueAciContext.setUserDn( userName );
+                valueAciContext.setAuthenticationLevel( principal.getAuthenticationLevel() );
+                valueAciContext.setEntryDn( dn );
+                valueAciContext.setAttributeType( attribute.getAttributeType() );
+                valueAciContext.setAttrValue( value );
+                valueAciContext.setMicroOperations( READ_PERMS );
+                valueAciContext.setAciTuples( tuples );
+                valueAciContext.setEntry( entry );
 
-        engine.checkPermission( aciContext );
+                engine.checkPermission( valueAciContext );
+            }
+        }
+    }
 
-        return next( compareContext );
+
+    public final boolean isPrincipalAnAdministrator( Dn principalDn )
+    {
+        return groupCache.isPrincipalAnAdministrator( principalDn );
     }
 
 
@@ -1437,4 +1456,10 @@ public class AciAuthorizationInterceptor
             return filter( searchContext, normName, entry );
         }
     }
+
+
+    private boolean isTheAdministrator( Dn normalizedDn )
+    {
+        return normalizedDn.getNormName().equals( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
+    }
 }

Modified: directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java?rev=1201297&r1=1201296&r2=1201297&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java (original)
+++ directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/DefaultAuthorizationInterceptor.java Sat Nov 12 18:24:38 2011
@@ -29,12 +29,12 @@ import org.apache.directory.server.const
 import org.apache.directory.server.core.shared.DefaultCoreSession;
 import org.apache.directory.server.core.api.CoreSession;
 import org.apache.directory.server.core.api.DirectoryService;
+import org.apache.directory.server.core.api.InterceptorEnum;
 import org.apache.directory.server.core.api.LdapPrincipal;
 import org.apache.directory.server.core.api.filtering.EntryFilter;
 import org.apache.directory.server.core.api.filtering.EntryFilteringCursor;
 import org.apache.directory.server.core.api.interceptor.BaseInterceptor;
 import org.apache.directory.server.core.api.interceptor.Interceptor;
-import org.apache.directory.server.core.api.interceptor.NextInterceptor;
 import org.apache.directory.server.core.api.interceptor.context.DeleteOperationContext;
 import org.apache.directory.server.core.api.interceptor.context.ListOperationContext;
 import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext;
@@ -95,13 +95,12 @@ public class DefaultAuthorizationInterce
         }
     }
 
-
     /**
-     * Creates a new instance.
+     * Creates a new instance of DefaultAuthorizationInterceptor.
      */
     public DefaultAuthorizationInterceptor()
     {
-        // Nothing to do
+        super( InterceptorEnum.DEFAULT_AUTHORIZATION_INTERCEPTOR );
     }
 
 
@@ -151,7 +150,9 @@ public class DefaultAuthorizationInterce
     // Note:
     //    Lookup, search and list operations need to be handled using a filter
     // and so we need access to the filter service.
-
+    /**
+     * {@inheritDoc}
+     */
     public void delete( DeleteOperationContext deleteContext ) throws LdapException
     {
         if ( deleteContext.getSession().getDirectoryService().isAccessControlEnabled() )
@@ -206,36 +207,63 @@ public class DefaultAuthorizationInterce
     }
 
 
-    private boolean isTheAdministrator( Dn dn )
+    /**
+     * {@inheritDoc}
+     */
+    public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
     {
-        return dn.equals( ADMIN_SYSTEM_DN );
+        EntryFilteringCursor cursor = next( listContext );
+
+        if ( listContext.getSession().getDirectoryService().isAccessControlEnabled() )
+        {
+            return cursor;
+        }
+
+        cursor.addEntryFilter( new DefaultAuthorizationSearchFilter() );
+
+        return cursor;
     }
 
 
-    private boolean isAnAdministrator( Dn dn )
+    /**
+     * {@inheritDoc}
+     */
+    public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
     {
-        return isTheAdministrator( dn ) || administrators.contains( dn.getNormName() );
+        CoreSession session = lookupContext.getSession();
+        Entry entry = next( lookupContext );
+
+        if ( session.getDirectoryService().isAccessControlEnabled() )
+        {
+            return entry;
+        }
+
+        protectLookUp( session.getEffectivePrincipal().getDn(), lookupContext.getDn() );
+
+        return entry;
     }
 
 
     // ------------------------------------------------------------------------
     // Entry Modification Operations
     // ------------------------------------------------------------------------
-
     /**
      * This policy needs to be really tight too because some attributes may take
      * part in giving the user permissions to protected resources.  We do not want
      * users to self access these resources.  As far as we're concerned no one but
      * the admin needs access.
      */
-    public void modify( NextInterceptor nextInterceptor, ModifyOperationContext modifyContext ) throws LdapException
+    /**
+     * {@inheritDoc}
+     */
+    public void modify( ModifyOperationContext modifyContext ) throws LdapException
     {
         if ( !modifyContext.getSession().getDirectoryService().isAccessControlEnabled() )
         {
             Dn dn = modifyContext.getDn();
 
             protectModifyAlterations( modifyContext, dn );
-            nextInterceptor.modify( modifyContext );
+            next( modifyContext );
 
             // update administrators if we change administrators group
             if ( dn.equals( ADMIN_GROUP_DN ) )
@@ -245,8 +273,88 @@ public class DefaultAuthorizationInterce
         }
         else
         {
-            nextInterceptor.modify( modifyContext );
+            next( modifyContext );
+        }
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public void move( MoveOperationContext moveContext ) throws LdapException
+    {
+        if ( !moveContext.getSession().getDirectoryService().isAccessControlEnabled() )
+        {
+            protectDnAlterations( moveContext, moveContext.getDn() );
+        }
+
+        next( moveContext );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
+    {
+        if ( !moveAndRenameContext.getSession().getDirectoryService().isAccessControlEnabled() )
+        {
+            protectDnAlterations( moveAndRenameContext, moveAndRenameContext.getDn() );
+        }
+
+        next( moveAndRenameContext );
+    }
+
+
+    // ------------------------------------------------------------------------
+    // Dn altering operations are a no no for any user entry.  Basically here
+    // are the rules of conduct to follow:
+    //
+    //  o No user should have the ability to move or rename their entry
+    //  o Only the administrator can move or rename non-admin user entries
+    //  o The administrator entry cannot be moved or renamed by anyone
+    // ------------------------------------------------------------------------
+    /**
+     * {@inheritDoc}
+     */
+    public void rename( RenameOperationContext renameContext ) throws LdapException
+    {
+        if ( !renameContext.getSession().getDirectoryService().isAccessControlEnabled() )
+        {
+            protectDnAlterations( renameContext, renameContext.getDn() );
         }
+
+        next( renameContext );
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public EntryFilteringCursor search( SearchOperationContext searchContext ) throws LdapException
+    {
+        EntryFilteringCursor cursor = next( searchContext );
+
+        if ( searchContext.getSession().getDirectoryService().isAccessControlEnabled() )
+        {
+            return cursor;
+        }
+
+        cursor.addEntryFilter( new DefaultAuthorizationSearchFilter() );
+
+        return cursor;
+    }
+
+
+    private boolean isTheAdministrator( Dn dn )
+    {
+        return dn.equals( ADMIN_SYSTEM_DN );
+    }
+
+
+    private boolean isAnAdministrator( Dn dn )
+    {
+        return isTheAdministrator( dn ) || administrators.contains( dn.getNormName() );
     }
 
 
@@ -296,51 +404,6 @@ public class DefaultAuthorizationInterce
     }
 
 
-    // ------------------------------------------------------------------------
-    // Dn altering operations are a no no for any user entry.  Basically here
-    // are the rules of conduct to follow:
-    //
-    //  o No user should have the ability to move or rename their entry
-    //  o Only the administrator can move or rename non-admin user entries
-    //  o The administrator entry cannot be moved or renamed by anyone
-    // ------------------------------------------------------------------------
-
-    public void rename( NextInterceptor nextInterceptor, RenameOperationContext renameContext ) throws LdapException
-    {
-        if ( !renameContext.getSession().getDirectoryService().isAccessControlEnabled() )
-        {
-            protectDnAlterations( renameContext, renameContext.getDn() );
-        }
-
-        nextInterceptor.rename( renameContext );
-    }
-
-
-    /**
-     * {@inheritDoc}
-     */
-    public void move( NextInterceptor nextInterceptor, MoveOperationContext moveContext ) throws LdapException
-    {
-        if ( !moveContext.getSession().getDirectoryService().isAccessControlEnabled() )
-        {
-            protectDnAlterations( moveContext, moveContext.getDn() );
-        }
-
-        nextInterceptor.move( moveContext );
-    }
-
-
-    public void moveAndRename( NextInterceptor nextInterceptor, MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
-    {
-        if ( !moveAndRenameContext.getSession().getDirectoryService().isAccessControlEnabled() )
-        {
-            protectDnAlterations( moveAndRenameContext, moveAndRenameContext.getDn() );
-        }
-
-        nextInterceptor.moveAndRename( moveAndRenameContext );
-    }
-
-
     private void protectDnAlterations( OperationContext opCtx, Dn dn ) throws LdapException
     {
         Dn principalDn = getPrincipal( opCtx ).getDn();
@@ -382,22 +445,6 @@ public class DefaultAuthorizationInterce
     }
 
 
-    public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
-    {
-        CoreSession session = lookupContext.getSession();
-        Entry entry = next( lookupContext );
-
-        if ( session.getDirectoryService().isAccessControlEnabled() )
-        {
-            return entry;
-        }
-
-        protectLookUp( session.getEffectivePrincipal().getDn(), lookupContext.getDn() );
-
-        return entry;
-    }
-
-
     private void protectLookUp( Dn principalDn, Dn normalizedDn ) throws LdapException
     {
         if ( !isAnAdministrator( principalDn ) )
@@ -447,39 +494,6 @@ public class DefaultAuthorizationInterce
     }
 
 
-    public EntryFilteringCursor search( NextInterceptor nextInterceptor, SearchOperationContext searchContext ) throws LdapException
-    {
-        EntryFilteringCursor cursor = nextInterceptor.search( searchContext );
-
-        if ( searchContext.getSession().getDirectoryService().isAccessControlEnabled() )
-        {
-            return cursor;
-        }
-
-        cursor.addEntryFilter( new DefaultAuthorizationSearchFilter() );
-
-        return cursor;
-    }
-
-
-    /**
-     * {@inheritDoc}
-     */
-    public EntryFilteringCursor list( ListOperationContext listContext ) throws LdapException
-    {
-        EntryFilteringCursor cursor = next( listContext );
-
-        if ( listContext.getSession().getDirectoryService().isAccessControlEnabled() )
-        {
-            return cursor;
-        }
-
-        cursor.addEntryFilter( new DefaultAuthorizationSearchFilter() );
-
-        return cursor;
-    }
-
-
     // False positive, we want to keep the comment
     @SuppressWarnings("PMD.CollapsibleIfStatements")
     private boolean isSearchable( OperationContext opContext, Entry entry ) throws Exception

Modified: directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java?rev=1201297&r1=1201296&r2=1201297&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java (original)
+++ directory/apacheds/branches/apacheds-txns/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java Sat Nov 12 18:24:38 2011
@@ -83,7 +83,7 @@ public class MaxImmSubFilter implements 
     {
         ACI_LOG.debug( "Filtering MaxImmSub..." );
 
-        if ( aciContext.getEntryDn().isRootDSE() )
+        if ( aciContext.getEntryDn().isRootDse() )
         {
             return aciContext.getAciTuples();
         }

Propchange: directory/apacheds/branches/apacheds-txns/interceptors/changelog/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Nov 12 18:24:38 2011
@@ -1 +1 @@
-/directory/apacheds/trunk/interceptors/changelog:1183435-1200383
+/directory/apacheds/trunk/interceptors/changelog:1183435-1201283

Modified: directory/apacheds/branches/apacheds-txns/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java?rev=1201297&r1=1201296&r2=1201297&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java (original)
+++ directory/apacheds/branches/apacheds-txns/interceptors/changelog/src/main/java/org/apache/directory/server/core/changelog/ChangeLogInterceptor.java Sat Nov 12 18:24:38 2011
@@ -26,11 +26,11 @@ import org.apache.directory.server.const
 import org.apache.directory.server.constants.ServerDNConstants;
 import org.apache.directory.server.core.api.CoreSession;
 import org.apache.directory.server.core.api.DirectoryService;
+import org.apache.directory.server.core.api.InterceptorEnum;
 import org.apache.directory.server.core.api.changelog.ChangeLog;
 import org.apache.directory.server.core.api.entry.ClonedServerEntry;
 import org.apache.directory.server.core.api.entry.ServerEntryUtils;
 import org.apache.directory.server.core.api.interceptor.BaseInterceptor;
-import org.apache.directory.server.core.api.interceptor.NextInterceptor;
 import org.apache.directory.server.core.api.interceptor.context.AddOperationContext;
 import org.apache.directory.server.core.api.interceptor.context.DeleteOperationContext;
 import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext;
@@ -65,23 +65,31 @@ public class ChangeLogInterceptor extend
 {
     /** for debugging */
     private static final Logger LOG = LoggerFactory.getLogger( ChangeLogInterceptor.class );
-    
+
     /** used to ignore modify operations to tombstone entries */
     private AttributeType entryDeleted;
-    
+
     /** the changelog service to log changes to */
     private ChangeLog changeLog;
-    
+
     /** OID of the 'rev' attribute used in changeLogEvent and tag objectclasses */
     private static final String REV_AT_OID = "1.3.6.1.4.1.18060.0.4.1.2.47";
+
+
+    /**
+     * Creates a new instance of a ChangeLogInterceptor.
+     */
+    public ChangeLogInterceptor()
+    {
+        super( InterceptorEnum.CHANGE_LOG_INTERCEPTOR );
+    }
+
     
     // -----------------------------------------------------------------------
     // Overridden init() and destroy() methods
     // -----------------------------------------------------------------------
-
-
     /**
-     * The init method will initialize the local variables and load the 
+     * The init method will initialize the local variables and load the
      * entryDeleted AttributeType.
      */
     public void init( DirectoryService directoryService ) throws LdapException
@@ -90,16 +98,19 @@ public class ChangeLogInterceptor extend
 
         changeLog = directoryService.getChangeLog();
         entryDeleted = directoryService.getSchemaManager()
-                .getAttributeType( ApacheSchemaConstants.ENTRY_DELETED_AT_OID );
+            .getAttributeType( ApacheSchemaConstants.ENTRY_DELETED_AT_OID );
     }
 
 
     // -----------------------------------------------------------------------
     // Overridden (only change inducing) intercepted methods
     // -----------------------------------------------------------------------
-    public void add( NextInterceptor next, AddOperationContext addContext ) throws LdapException
+    /**
+     * {@inheritDoc}
+     */
+    public void add( AddOperationContext addContext ) throws LdapException
     {
-        next.add( addContext );
+        next( addContext );
 
         if ( !changeLog.isEnabled() )
         {
@@ -111,9 +122,9 @@ public class ChangeLogInterceptor extend
         // we don't want to record addition of a tag as a change
         if ( addEntry.get( REV_AT_OID ) != null )
         {
-           return; 
+            return;
         }
-        
+
         LdifEntry forward = new LdifEntry();
         forward.setChangeType( ChangeType.Add );
         forward.setDn( addContext.getDn() );
@@ -123,7 +134,7 @@ public class ChangeLogInterceptor extend
             AttributeType attributeType = attribute.getAttributeType();
             forward.addAttribute( addEntry.get( attributeType).clone() );
         }
-        
+
         LdifEntry reverse = LdifRevertor.reverseAdd( addContext.getDn() );
         addContext.setChangeLogEvent( changeLog.log( getPrincipal( addContext ), forward, reverse ) );
     }
@@ -133,6 +144,9 @@ public class ChangeLogInterceptor extend
      * The delete operation has to be stored with a way to restore the deleted element.
      * There is no way to do that but reading the entry and dump it into the LOG.
      */
+    /**
+     * {@inheritDoc}
+     */
     public void delete( DeleteOperationContext deleteContext ) throws LdapException
     {
         // @todo make sure we're not putting in operational attributes that cannot be user modified
@@ -154,22 +168,22 @@ public class ChangeLogInterceptor extend
         // we don't want to record deleting a tag as a change
         if( serverEntry.get( REV_AT_OID ) != null )
         {
-           return; 
+            return;
         }
 
         LdifEntry forward = new LdifEntry();
         forward.setChangeType( ChangeType.Delete );
         forward.setDn( deleteContext.getDn() );
-        
+
         Entry reverseEntry = new DefaultEntry( serverEntry.getDn() );
-        
+
         boolean isCollectiveSubentry = serverEntry.hasObjectClass( SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRY_OC );
 
         for ( Attribute attribute : serverEntry )
         {
             // filter collective attributes, they can't be added by the revert operation
             AttributeType at = schemaManager.lookupAttributeTypeRegistry( attribute.getId() );
-            
+
             if ( !at.isCollective() || isCollectiveSubentry )
             {
                 reverseEntry.add( attribute.clone() );
@@ -182,38 +196,9 @@ public class ChangeLogInterceptor extend
 
 
     /**
-     * Gets attributes required for modifications.
-     *
-     * @param dn the dn of the entry to get
-     * @return the entry's attributes (may be immutable if the schema subentry)
-     * @throws Exception on error accessing the entry's attributes
-     */
-    private Entry getAttributes( OperationContext opContext ) throws LdapException
-    {
-        Dn dn = opContext.getDn();
-        Entry serverEntry;
-
-        // @todo make sure we're not putting in operational attributes that cannot be user modified
-        if ( dn.equals( ServerDNConstants.CN_SCHEMA_DN ) )
-        {
-            return SchemaService.getSubschemaEntryCloned( directoryService );
-        }
-        else
-        {
-            CoreSession session = opContext.getSession();
-            LookupOperationContext lookupContext = new LookupOperationContext( session, dn );
-            lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
-            serverEntry = directoryService.getPartitionNexus().lookup( lookupContext  );
-        }
-
-        return serverEntry;
-    }
-
-
-    /**
-     * 
+     * {@inheritDoc}
      */
-    public void modify( NextInterceptor next, ModifyOperationContext modifyContext ) throws LdapException
+    public void modify( ModifyOperationContext modifyContext ) throws LdapException
     {
         Entry serverEntry = null;
         Modification modification = ServerEntryUtils.getModificationItem( modifyContext.getModItems(), entryDeleted );
@@ -224,9 +209,9 @@ public class ChangeLogInterceptor extend
             // @todo make sure we're not putting in operational attributes that cannot be user modified
             serverEntry = getAttributes( modifyContext );
         }
-        
+
         // Duplicate modifications so that the reverse does not contain the operational attributes
-        List<Modification> clonedMods = new ArrayList<Modification>(); 
+        List<Modification> clonedMods = new ArrayList<Modification>();
 
         for ( Modification mod : modifyContext.getModItems() )
         {
@@ -234,76 +219,64 @@ public class ChangeLogInterceptor extend
         }
 
         // Call the next interceptor
-        next.modify( modifyContext );
+        next( modifyContext );
 
         // @TODO: needs big consideration!!!
         // NOTE: perhaps we need to log this as a system operation that cannot and should not be reapplied?
-        if ( 
-            isDelete ||   
-            ! changeLog.isEnabled() || 
-            
-         // if there are no modifications due to stripping out bogus non-
-         // existing attributes then we will have no modification items and
-         // should ignore not this without registering it with the changelog
-         
-            modifyContext.getModItems().size() == 0 )  
+        if (
+            isDelete ||
+            ! changeLog.isEnabled() ||
+
+            // if there are no modifications due to stripping out bogus non-
+            // existing attributes then we will have no modification items and
+            // should ignore not this without registering it with the changelog
+
+            modifyContext.getModItems().size() == 0 )
         {
             if ( isDelete )
             {
                 LOG.debug( "Bypassing changelog on modify of entryDeleted attribute." );
             }
-            
+
             return;
         }
 
         LdifEntry forward = new LdifEntry();
         forward.setChangeType( ChangeType.Modify );
         forward.setDn( modifyContext.getDn() );
-        
+
         List<Modification> mods = new ArrayList<Modification>( clonedMods.size() );
-        
+
         for ( Modification modItem : clonedMods )
         {
             // TODO: handle correctly http://issues.apache.org/jira/browse/DIRSERVER-1198
             mods.add( modItem );
-            
+
             forward.addModification( modItem );
         }
-        
+
         Entry clientEntry = new DefaultEntry( serverEntry.getDn() );
-        
+
         for ( Attribute attribute:serverEntry )
         {
             clientEntry.add( attribute.clone() );
         }
 
-        LdifEntry reverse = LdifRevertor.reverseModify( 
-            modifyContext.getDn(), 
-            mods, 
+        LdifEntry reverse = LdifRevertor.reverseModify(
+            modifyContext.getDn(),
+            mods,
             clientEntry );
-        
+
         modifyContext.setChangeLogEvent( changeLog.log( getPrincipal( modifyContext ), forward, reverse ) );
     }
 
 
-    // -----------------------------------------------------------------------
-    // Though part left as an exercise (Not Any More!)
-    // -----------------------------------------------------------------------
-
-
-    public void rename ( NextInterceptor next, RenameOperationContext renameContext ) throws LdapException
+    /**
+     * {@inheritDoc}
+     */
+    public void move( MoveOperationContext moveContext ) throws LdapException
     {
-        Entry serverEntry = null;
-        
-        if ( renameContext.getEntry() != null )
-        {
-            serverEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
-        }
-        
-        next.rename( renameContext );
-        
-        // After this point, the entry has been modified. The cloned entry contains
-        // the modified entry, the originalEntry has changed
+        next( moveContext );
 
         if ( !changeLog.isEnabled() )
         {
@@ -311,30 +284,29 @@ public class ChangeLogInterceptor extend
         }
 
         LdifEntry forward = new LdifEntry();
-        forward.setChangeType( ChangeType.ModRdn );
-        forward.setDn( renameContext.getDn() );
-        forward.setNewRdn( renameContext.getNewRdn().getName() );
-        forward.setDeleteOldRdn( renameContext.getDeleteOldRdn() );
+        forward.setChangeType( ChangeType.ModDn );
+        forward.setDn( moveContext.getDn() );
+        forward.setNewSuperior( moveContext.getNewSuperior().getName() );
 
-        List<LdifEntry> reverses = LdifRevertor.reverseRename( 
-            serverEntry, renameContext.getNewRdn(), renameContext.getDeleteOldRdn() );
-        
-        renameContext.setChangeLogEvent( changeLog.log( getPrincipal( renameContext ), forward, reverses ) );
+        LdifEntry reverse = LdifRevertor.reverseMove(moveContext.getNewSuperior(), moveContext.getDn());
+        moveContext.setChangeLogEvent( changeLog.log( getPrincipal( moveContext ), forward, reverse ) );
     }
 
 
-    public void moveAndRename( NextInterceptor next, MoveAndRenameOperationContext moveAndRenameContext )
-        throws LdapException
+    /**
+     * {@inheritDoc}
+     */
+    public void moveAndRename( MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
     {
         Entry serverEntry = null;
-        
+
         if ( changeLog.isEnabled() )
         {
             // @todo make sure we're not putting in operational attributes that cannot be user modified
             serverEntry = moveAndRenameContext.getOriginalEntry();
         }
 
-        next.moveAndRename( moveAndRenameContext );
+        next( moveAndRenameContext );
 
         if ( !changeLog.isEnabled() )
         {
@@ -347,17 +319,17 @@ public class ChangeLogInterceptor extend
         forward.setDeleteOldRdn( moveAndRenameContext.getDeleteOldRdn() );
         forward.setNewRdn( moveAndRenameContext.getNewRdn().getName() );
         forward.setNewSuperior( moveAndRenameContext.getNewSuperiorDn().getName() );
-        
-        List<LdifEntry> reverses = LdifRevertor.reverseMoveAndRename(  
+
+        List<LdifEntry> reverses = LdifRevertor.reverseMoveAndRename(
             serverEntry, moveAndRenameContext.getNewSuperiorDn(), moveAndRenameContext.getNewRdn(), false );
-        
+
         if ( moveAndRenameContext.isReferralIgnored() )
         {
             forward.addControl( new ManageDsaITImpl() );
             LdifEntry reversedEntry = reverses.get( 0 );
             reversedEntry.addControl( new ManageDsaITImpl() );
         }
-        
+
         moveAndRenameContext.setChangeLogEvent( changeLog.log( getPrincipal( moveAndRenameContext ), forward, reverses ) );
     }
 
@@ -365,9 +337,19 @@ public class ChangeLogInterceptor extend
     /**
      * {@inheritDoc}
      */
-    public void move( NextInterceptor next, MoveOperationContext moveContext ) throws LdapException
+    public void rename( RenameOperationContext renameContext ) throws LdapException
     {
-        next.move( moveContext );
+        Entry serverEntry = null;
+
+        if ( renameContext.getEntry() != null )
+        {
+            serverEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
+        }
+
+        next( renameContext );
+
+        // After this point, the entry has been modified. The cloned entry contains
+        // the modified entry, the originalEntry has changed
 
         if ( !changeLog.isEnabled() )
         {
@@ -375,11 +357,43 @@ public class ChangeLogInterceptor extend
         }
 
         LdifEntry forward = new LdifEntry();
-        forward.setChangeType( ChangeType.ModDn );
-        forward.setDn( moveContext.getDn() );
-        forward.setNewSuperior( moveContext.getNewSuperior().getName() );
+        forward.setChangeType( ChangeType.ModRdn );
+        forward.setDn( renameContext.getDn() );
+        forward.setNewRdn( renameContext.getNewRdn().getName() );
+        forward.setDeleteOldRdn( renameContext.getDeleteOldRdn() );
 
-        LdifEntry reverse = LdifRevertor.reverseMove(moveContext.getNewSuperior(), moveContext.getDn());
-        moveContext.setChangeLogEvent( changeLog.log( getPrincipal( moveContext ), forward, reverse ) );
+        List<LdifEntry> reverses = LdifRevertor.reverseRename(
+            serverEntry, renameContext.getNewRdn(), renameContext.getDeleteOldRdn() );
+
+        renameContext.setChangeLogEvent( changeLog.log( getPrincipal( renameContext ), forward, reverses ) );
+    }
+
+
+    /**
+     * Gets attributes required for modifications.
+     *
+     * @param dn the dn of the entry to get
+     * @return the entry's attributes (may be immutable if the schema subentry)
+     * @throws Exception on error accessing the entry's attributes
+     */
+    private Entry getAttributes( OperationContext opContext ) throws LdapException
+    {
+        Dn dn = opContext.getDn();
+        Entry serverEntry;
+
+        // @todo make sure we're not putting in operational attributes that cannot be user modified
+        if ( dn.equals( ServerDNConstants.CN_SCHEMA_DN ) )
+        {
+            return SchemaService.getSubschemaEntryCloned( directoryService );
+        }
+        else
+        {
+            CoreSession session = opContext.getSession();
+            LookupOperationContext lookupContext = new LookupOperationContext( session, dn );
+            lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+            serverEntry = directoryService.getPartitionNexus().lookup( lookupContext  );
+        }
+
+        return serverEntry;
     }
 }

Propchange: directory/apacheds/branches/apacheds-txns/interceptors/collective/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Nov 12 18:24:38 2011
@@ -1 +1 @@
-/directory/apacheds/trunk/interceptors/collective:1183435-1200383
+/directory/apacheds/trunk/interceptors/collective:1183435-1201283

Modified: directory/apacheds/branches/apacheds-txns/interceptors/collective/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributeInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/interceptors/collective/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributeInterceptor.java?rev=1201297&r1=1201296&r2=1201297&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/interceptors/collective/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributeInterceptor.java (original)
+++ directory/apacheds/branches/apacheds-txns/interceptors/collective/src/main/java/org/apache/directory/server/core/collective/CollectiveAttributeInterceptor.java Sat Nov 12 18:24:38 2011
@@ -26,11 +26,11 @@ import java.util.Set;
 
 import org.apache.directory.server.core.api.CoreSession;
 import org.apache.directory.server.core.api.DirectoryService;
+import org.apache.directory.server.core.api.InterceptorEnum;
 import org.apache.directory.server.core.api.entry.ClonedServerEntry;
 import org.apache.directory.server.core.api.filtering.EntryFilter;
 import org.apache.directory.server.core.api.filtering.EntryFilteringCursor;
 import org.apache.directory.server.core.api.interceptor.BaseInterceptor;
-import org.apache.directory.server.core.api.interceptor.NextInterceptor;
 import org.apache.directory.server.core.api.interceptor.context.AddOperationContext;
 import org.apache.directory.server.core.api.interceptor.context.ListOperationContext;
 import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext;
@@ -72,6 +72,15 @@ public class CollectiveAttributeIntercep
     private static Logger LOG = LoggerFactory.getLogger( CollectiveAttributeInterceptor.class );
 
     /**
+     * Creates a new instance of a CollectiveAttributeInterceptor.
+     */
+    public CollectiveAttributeInterceptor()
+    {
+        super( InterceptorEnum.COLLECTIVE_ATTRIBUTE_INTERCEPTOR );
+    }
+
+    
+    /**
      * the search result filter to use for collective attribute injection
      */
     private class CollectiveAttributeFilter implements EntryFilter
@@ -109,11 +118,11 @@ public class CollectiveAttributeIntercep
     /**
      * {@inheritDoc}
      */
-    public void add( NextInterceptor next, AddOperationContext addContext ) throws LdapException
+    public void add( AddOperationContext addContext ) throws LdapException
     {
         checkAdd( addContext.getDn(), addContext.getEntry() );
 
-        next.add( addContext );
+        next( addContext );
     }
 
 
@@ -154,20 +163,20 @@ public class CollectiveAttributeIntercep
     /**
      * {@inheritDoc}
      */
-    public void modify( NextInterceptor next, ModifyOperationContext modifyContext ) throws LdapException
+    public void modify( ModifyOperationContext modifyContext ) throws LdapException
     {
         checkModify( modifyContext );
 
-        next.modify( modifyContext );
+        next( modifyContext );
     }
 
 
     /**
      * {@inheritDoc}
      */
-    public EntryFilteringCursor search( NextInterceptor nextInterceptor, SearchOperationContext searchContext ) throws LdapException
+    public EntryFilteringCursor search( SearchOperationContext searchContext ) throws LdapException
     {
-        EntryFilteringCursor cursor = nextInterceptor.search( searchContext );
+        EntryFilteringCursor cursor = next( searchContext );
 
         cursor.addEntryFilter( SEARCH_FILTER );
 

Propchange: directory/apacheds/branches/apacheds-txns/interceptors/event/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Nov 12 18:24:38 2011
@@ -1 +1 @@
-/directory/apacheds/trunk/interceptors/event:1183435-1200383
+/directory/apacheds/trunk/interceptors/event:1183435-1201283

Modified: directory/apacheds/branches/apacheds-txns/interceptors/event/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-txns/interceptors/event/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java?rev=1201297&r1=1201296&r2=1201297&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-txns/interceptors/event/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java (original)
+++ directory/apacheds/branches/apacheds-txns/interceptors/event/src/main/java/org/apache/directory/server/core/event/EventInterceptor.java Sat Nov 12 18:24:38 2011
@@ -30,6 +30,7 @@ import java.util.concurrent.TimeUnit;
 
 import org.apache.directory.server.core.api.CoreSession;
 import org.apache.directory.server.core.api.DirectoryService;
+import org.apache.directory.server.core.api.InterceptorEnum;
 import org.apache.directory.server.core.api.entry.ClonedServerEntry;
 import org.apache.directory.server.core.api.event.DirectoryListener;
 import org.apache.directory.server.core.api.event.Evaluator;
@@ -38,7 +39,6 @@ import org.apache.directory.server.core.
 import org.apache.directory.server.core.api.event.NotificationCriteria;
 import org.apache.directory.server.core.api.event.RegistrationEntry;
 import org.apache.directory.server.core.api.interceptor.BaseInterceptor;
-import org.apache.directory.server.core.api.interceptor.NextInterceptor;
 import org.apache.directory.server.core.api.interceptor.context.AddOperationContext;
 import org.apache.directory.server.core.api.interceptor.context.DeleteOperationContext;
 import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext;
@@ -67,11 +67,19 @@ public class EventInterceptor extends Ba
 {
     /** A logger for this class */
     private final static Logger LOG = LoggerFactory.getLogger( EventInterceptor.class );
-    
+
     private Evaluator evaluator;
     private ExecutorService executor;
 
-
+    /**
+     * Creates a new instance of a EventInterceptor.
+     */
+    public EventInterceptor()
+    {
+        super( InterceptorEnum.EVENT_INTERCEPTOR );
+    }
+    
+    
     /**
      * Initialize the event interceptor. It creates a pool of executor which will be used
      * to call the listeners in separate threads.
@@ -105,9 +113,9 @@ public class EventInterceptor extends Ba
                         listener.entryAdded( ( AddOperationContext ) opContext );
                     }
                 } );
-                
+
                 break;
-                
+
             case DELETE:
                 executor.execute( new Runnable()
                 {
@@ -116,9 +124,9 @@ public class EventInterceptor extends Ba
                         listener.entryDeleted( ( DeleteOperationContext ) opContext );
                     }
                 } );
-                
+
                 break;
-                
+
             case MODIFY:
                 executor.execute( new Runnable()
                 {
@@ -127,9 +135,9 @@ public class EventInterceptor extends Ba
                         listener.entryModified( ( ModifyOperationContext ) opContext );
                     }
                 } );
-                
+
                 break;
-                
+
             case MOVE:
                 executor.execute( new Runnable()
                 {
@@ -138,7 +146,7 @@ public class EventInterceptor extends Ba
                         listener.entryMoved( ( MoveOperationContext ) opContext );
                     }
                 } );
-                
+
                 break;
 
             case RENAME:
@@ -149,7 +157,7 @@ public class EventInterceptor extends Ba
                         listener.entryRenamed( ( RenameOperationContext ) opContext );
                     }
                 } );
-                
+
                 break;
         }
     }
@@ -158,10 +166,10 @@ public class EventInterceptor extends Ba
     /**
      * {@inheritDoc}
      */
-    public void add( NextInterceptor next, final AddOperationContext addContext ) throws LdapException
+    public void add( final AddOperationContext addContext ) throws LdapException
     {
-        next.add( addContext );
-        
+        next( addContext );
+
         List<RegistrationEntry> selecting = getSelectingRegistrations( addContext.getDn(), addContext.getEntry() );
 
         if ( selecting.isEmpty() )
@@ -205,13 +213,13 @@ public class EventInterceptor extends Ba
     /**
      * {@inheritDoc}
      */
-    public void modify( NextInterceptor next, final ModifyOperationContext modifyContext ) throws LdapException
+    public void modify( final ModifyOperationContext modifyContext ) throws LdapException
     {
         Entry oriEntry = modifyContext.getEntry();
 
         List<RegistrationEntry> selecting = getSelectingRegistrations( modifyContext.getDn(), oriEntry );
 
-        next.modify( modifyContext );
+        next( modifyContext );
 
         if ( selecting.isEmpty() )
         {
@@ -222,7 +230,7 @@ public class EventInterceptor extends Ba
         CoreSession session = modifyContext.getSession();
         LookupOperationContext lookupContext = new LookupOperationContext( session, modifyContext.getDn() );
         lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
-        
+
         Entry alteredEntry = directoryService.getPartitionNexus().lookup( lookupContext );
         modifyContext.setAlteredEntry( alteredEntry );
 
@@ -239,31 +247,23 @@ public class EventInterceptor extends Ba
     /**
      * {@inheritDoc}
      */
-    public void rename( NextInterceptor next, RenameOperationContext renameContext ) throws LdapException
+    public void move( MoveOperationContext moveContext ) throws LdapException
     {
-        Entry oriEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
-        List<RegistrationEntry> selecting = getSelectingRegistrations( renameContext.getDn(), oriEntry );
+        Entry oriEntry = moveContext.getOriginalEntry();
+        List<RegistrationEntry> selecting = getSelectingRegistrations( moveContext.getDn(), oriEntry );
 
-        next.rename( renameContext );
+        next( moveContext );
 
         if ( selecting.isEmpty() )
         {
             return;
         }
 
-        // Get the modifed entry
-        CoreSession session = renameContext.getSession();
-        LookupOperationContext lookupContext = new LookupOperationContext( session, renameContext.getNewDn() );
-        lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
-        
-        Entry alteredEntry = directoryService.getPartitionNexus().lookup( lookupContext );
-        renameContext.setModifiedEntry( alteredEntry );
-
         for ( final RegistrationEntry registration : selecting )
         {
-            if ( EventType.isRename( registration.getCriteria().getEventMask() ) )
+            if ( EventType.isMove( registration.getCriteria().getEventMask() ) )
             {
-                fire( renameContext, EventType.RENAME, registration.getListener() );
+                fire( moveContext, EventType.MOVE, registration.getListener() );
             }
         }
     }
@@ -272,11 +272,11 @@ public class EventInterceptor extends Ba
     /**
      * {@inheritDoc}
      */
-    public void moveAndRename( NextInterceptor next, final MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
+    public void moveAndRename( final MoveAndRenameOperationContext moveAndRenameContext ) throws LdapException
     {
         Entry oriEntry = moveAndRenameContext.getOriginalEntry();
         List<RegistrationEntry> selecting = getSelectingRegistrations( moveAndRenameContext.getDn(), oriEntry );
-        next.moveAndRename( moveAndRenameContext );
+        next( moveAndRenameContext );
 
         if ( selecting.isEmpty() )
         {
@@ -302,23 +302,31 @@ public class EventInterceptor extends Ba
     /**
      * {@inheritDoc}
      */
-    public void move( NextInterceptor next, MoveOperationContext moveContext ) throws LdapException
+    public void rename( RenameOperationContext renameContext ) throws LdapException
     {
-        Entry oriEntry = moveContext.getOriginalEntry();
-        List<RegistrationEntry> selecting = getSelectingRegistrations( moveContext.getDn(), oriEntry );
+        Entry oriEntry = ((ClonedServerEntry)renameContext.getEntry()).getOriginalEntry();
+        List<RegistrationEntry> selecting = getSelectingRegistrations( renameContext.getDn(), oriEntry );
 
-        next.move( moveContext );
+        next( renameContext );
 
         if ( selecting.isEmpty() )
         {
             return;
         }
 
+        // Get the modifed entry
+        CoreSession session = renameContext.getSession();
+        LookupOperationContext lookupContext = new LookupOperationContext( session, renameContext.getNewDn() );
+        lookupContext.setAttrsId( SchemaConstants.ALL_ATTRIBUTES_ARRAY );
+
+        Entry alteredEntry = directoryService.getPartitionNexus().lookup( lookupContext );
+        renameContext.setModifiedEntry( alteredEntry );
+
         for ( final RegistrationEntry registration : selecting )
         {
-            if ( EventType.isMove( registration.getCriteria().getEventMask() ) )
+            if ( EventType.isRename( registration.getCriteria().getEventMask() ) )
             {
-                fire( moveContext, EventType.MOVE, registration.getListener() );
+                fire( renameContext, EventType.RENAME, registration.getListener() );
             }
         }
     }

Propchange: directory/apacheds/branches/apacheds-txns/interceptors/exception/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Nov 12 18:24:38 2011
@@ -1 +1 @@
-/directory/apacheds/trunk/interceptors/exception:1183435-1200383
+/directory/apacheds/trunk/interceptors/exception:1183435-1201283



Mime
View raw message