directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1420989 - in /directory/apacheds/trunk: interceptors/authz/src/main/java/org/apache/directory/server/core/authz/ interceptors/operational/src/main/java/org/apache/directory/server/core/operational/ interceptors/schema/src/main/java/org/apa...
Date Wed, 12 Dec 2012 21:37:45 GMT
Author: elecharny
Date: Wed Dec 12 21:37:44 2012
New Revision: 1420989

URL: http://svn.apache.org/viewvc?rev=1420989&view=rev
Log:
o Moved the attribute filtering from the AbstractBTreePartition class to SchemaInterceptor
o Fixed a huge issue that was introduced 7 years ago : when we were going through the ACI
interceptor and doing a lookup, wth a standard user (not admin), then we were fetching the
entry directly from the backend, instead of going through the whole chain
o Removed some filtering done in the OperationalAttributeInterceptor whil processing the Lookup
Operation

Modified:
    directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
    directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java
    directory/apacheds/trunk/interceptors/schema/src/main/java/org/apache/directory/server/core/schema/SchemaInterceptor.java
    directory/apacheds/trunk/xdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/AbstractBTreePartition.java

Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java?rev=1420989&r1=1420988&r2=1420989&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
(original)
+++ directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
Wed Dec 12 21:37:44 2012
@@ -805,6 +805,8 @@ public class AciAuthorizationInterceptor
     {
         CoreSession session = lookupContext.getSession();
 
+        Entry entry = next( lookupContext );
+
         LdapPrincipal principal = session.getEffectivePrincipal();
         Dn principalDn = principal.getDn();
 
@@ -813,11 +815,9 @@ public class AciAuthorizationInterceptor
         // Bypass this interceptor if we disabled the AC subsystem or if the principal is
the admin
         if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled()
)
         {
-            return next( lookupContext );
+            return entry;
         }
 
-        Entry entry = directoryService.getPartitionNexus().lookup( lookupContext );
-
         checkLookupAccess( lookupContext, entry );
 
         return entry;

Modified: directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java?rev=1420989&r1=1420988&r2=1420989&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java
(original)
+++ directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java
Wed Dec 12 21:37:44 2012
@@ -299,45 +299,6 @@ public class OperationalAttributeInterce
     {
         Entry result = next( lookupContext );
 
-        if ( lookupContext.isAllUserAttributes() )
-        {
-            if ( lookupContext.isAllOperationalAttributes() )
-            {
-                // The user has requested '+' and '*', return everything.
-                return result;
-            }
-            else
-            {
-                filter( lookupContext, result );
-            }
-        }
-        else
-        {
-            if ( lookupContext.isAllOperationalAttributes() )
-            {
-                // Select the user attrinbutes from the result, depending on the returning
attributes list
-                filterUserAttributes( lookupContext, result );
-            }
-            else if ( ( lookupContext.getReturningAttributes() == null ) || ( lookupContext.getReturningAttributes().size()
== 0 ) )
-            {
-                // No returning attributes, return all the user attributes
-                // unless the user has requested no attributes
-                if ( lookupContext.isNoAttributes() )
-                {
-                    result.clear();
-                }
-                else
-                {
-                    filterOperationalAttributes( result );
-                }
-            }
-            else
-            {
-                // Deal with the returning attributes
-                filterList( lookupContext, result );
-            }
-        }
-
         denormalizeEntryOpAttrs( result );
 
         return result;

Modified: directory/apacheds/trunk/interceptors/schema/src/main/java/org/apache/directory/server/core/schema/SchemaInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/schema/src/main/java/org/apache/directory/server/core/schema/SchemaInterceptor.java?rev=1420989&r1=1420988&r2=1420989&view=diff
==============================================================================
--- directory/apacheds/trunk/interceptors/schema/src/main/java/org/apache/directory/server/core/schema/SchemaInterceptor.java
(original)
+++ directory/apacheds/trunk/interceptors/schema/src/main/java/org/apache/directory/server/core/schema/SchemaInterceptor.java
Wed Dec 12 21:37:44 2012
@@ -33,6 +33,7 @@ import org.apache.directory.server.core.
 import org.apache.directory.server.core.api.DirectoryService;
 import org.apache.directory.server.core.api.InterceptorEnum;
 import org.apache.directory.server.core.api.entry.ClonedServerEntry;
+import org.apache.directory.server.core.api.entry.ServerEntryUtils;
 import org.apache.directory.server.core.api.filtering.BaseEntryFilteringCursor;
 import org.apache.directory.server.core.api.filtering.EntryFilter;
 import org.apache.directory.server.core.api.filtering.EntryFilteringCursor;
@@ -1242,6 +1243,8 @@ public class SchemaInterceptor extends B
     public Entry lookup( LookupOperationContext lookupContext ) throws LdapException
     {
         Entry result = next( lookupContext );
+        
+        ServerEntryUtils.filterContents( result, lookupContext );
 
         filterBinaryAttributes( result );
 

Modified: directory/apacheds/trunk/xdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/AbstractBTreePartition.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/xdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/AbstractBTreePartition.java?rev=1420989&r1=1420988&r2=1420989&view=diff
==============================================================================
--- directory/apacheds/trunk/xdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/AbstractBTreePartition.java
(original)
+++ directory/apacheds/trunk/xdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/AbstractBTreePartition.java
Wed Dec 12 21:37:44 2012
@@ -1092,8 +1092,6 @@ public abstract class AbstractBTreeParti
         }
 
         Entry entry = lookup( id, lookupContext.getDn() );
-        
-        ServerEntryUtils.filterContents( entry, lookupContext );
 
         return entry;
     }



Mime
View raw message