Return-Path: X-Original-To: apmail-directory-commits-archive@www.apache.org Delivered-To: apmail-directory-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 456F41722C for ; Wed, 5 Nov 2014 17:33:09 +0000 (UTC) Received: (qmail 38640 invoked by uid 500); 5 Nov 2014 17:33:09 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 38602 invoked by uid 500); 5 Nov 2014 17:33:09 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 38590 invoked by uid 99); 5 Nov 2014 17:33:09 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Nov 2014 17:33:09 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id CA28C9082F2; Wed, 5 Nov 2014 17:33:08 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 
From: elecharny@apache.org To: commits@directory.apache.org Date: Wed, 05 Nov 2014 17:33:09 -0000 Message-Id: <434b19d6c07f4069849df9a79a10571e@git.apache.org> In-Reply-To: <04a304158115456a84f34ec1626becc3@git.apache.org> References: <04a304158115456a84f34ec1626becc3@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [02/20] git commit: Fixed a LOG statement (removing a string concatenation) Fixed a LOG statement (removing a string concatenation) Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/89acb727 Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/89acb727 Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/89acb727 Branch: refs/heads/master Commit: 89acb727eac1a9dbeb0e359359b246e3266f785a Parents: 29cf8aa Author: Emmanuel Lécharny Authored: Sun Nov 2 16:54:05 2014 +0100 Committer: Emmanuel Lécharny Committed: Sun Nov 2 16:54:05 2014 +0100 ---------------------------------------------------------------------- .../fortress/core/rbac/AcceleratorDAO.java | 64 ++++++++++++-------- 1 file changed, 39 insertions(+), 25 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/89acb727/src/main/java/org/apache/directory/fortress/core/rbac/AcceleratorDAO.java ----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/rbac/AcceleratorDAO.java b/src/main/java/org/apache/directory/fortress/core/rbac/AcceleratorDAO.java
index b01b5a3..7e71ac7 100644
--- a/src/main/java/org/apache/directory/fortress/core/rbac/AcceleratorDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/rbac/AcceleratorDAO.java
@@ -20,6 +20,8 @@ package org.apache.directory.fortress.core.rbac; +import org.apache.directory.api.ldap.model.exception.LdapException; +import org.apache.directory.api.ldap.model.message.ResultCodeEnum; import org.apache.directory.fortress.core.GlobalErrIds; import org.openldap.accelerator.api.addRole.RbacAddRoleRequest; import org.openldap.accelerator.api.addRole.RbacAddRoleRequestImpl; @@ -36,9 +38,6 @@ import org.openldap.accelerator.api.deleteSession.RbacDeleteSessionResponse; import org.openldap.accelerator.api.dropRole.RbacDropRoleRequest; import org.openldap.accelerator.api.dropRole.RbacDropRoleRequestImpl; import org.openldap.accelerator.api.dropRole.RbacDropRoleResponse; -import org.apache.directory.api.ldap.model.exception.LdapException; -import org.apache.directory.ldap.client.api.LdapConnection; - import org.openldap.accelerator.api.sessionRoles.RbacSessionRolesRequest; import org.openldap.accelerator.api.sessionRoles.RbacSessionRolesRequestImpl; import org.openldap.accelerator.api.sessionRoles.RbacSessionRolesResponse; @@ -47,6 +46,7 @@ import org.slf4j.LoggerFactory; import org.apache.directory.fortress.core.SecurityException; import org.apache.directory.fortress.core.ldap.ApacheDsDataProvider; import org.apache.directory.fortress.core.util.attr.VUtil; +import org.apache.directory.ldap.client.api.LdapConnection; import java.util.ArrayList; import java.util.List; @@ -62,7 +62,6 @@ import java.util.List; * @author Shawn McKinney */ final class AcceleratorDAO extends ApacheDsDataProvider - { private static final Logger LOG = LoggerFactory.getLogger( AcceleratorDAO.class.getName() ); @@ -86,6 +85,7 @@ final class AcceleratorDAO extends ApacheDsDataProvider { Session session = null; LdapConnection ld = null; + try { ld = getAdminConnection(); 
@@ -96,6 +96,7 @@ final class AcceleratorDAO extends ApacheDsDataProvider rbacCreateSessionRequest.setTenantId( user.getContextId() ); rbacCreateSessionRequest.setUserIdentity( user.getUserId() ); rbacCreateSessionRequest.setPassword( new String(user.getPassword()) ); + if( VUtil.isNotNullOrEmpty( user.getRoles() )) { for ( UserRole userRole : user.getRoles()) @@ -103,12 +104,14 @@ final class AcceleratorDAO extends ApacheDsDataProvider rbacCreateSessionRequest.addRole( userRole.getName() ); } } + // Send the request RbacCreateSessionResponse rbacCreateSessionResponse = ( RbacCreateSessionResponse ) ld.extended( rbacCreateSessionRequest ); - LOG.debug( "createSession userId: " + user.getUserId() + ", sessionId: " + rbacCreateSessionResponse.getSessionId() + ", resultCode: " + rbacCreateSessionResponse.getLdapResult().getResultCode().getResultCode()); + LOG.debug( "createSession userId: {}, sessionId: {}",user.getUserId(), rbacCreateSessionResponse.getSessionId() + ", resultCode: " + rbacCreateSessionResponse.getLdapResult().getResultCode()); session = new Session( user, rbacCreateSessionResponse.getSessionId() ); - if(rbacCreateSessionResponse.getLdapResult().getResultCode().getResultCode() == 0) + + if ( rbacCreateSessionResponse.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS ) { session.setAuthenticated(true); } @@ -129,6 +132,7 @@ final class AcceleratorDAO extends ApacheDsDataProvider { closeAdminConnection( ld ); } + return session; } 
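Review bot: The new `LOG.debug` call in createSession (hunk `@@ -103,12 +104,14 @@`) still builds its second argument by concatenation: `rbacCreateSessionResponse.getSessionId() + ", resultCode: " + ...getResultCode()` is evaluated even when debug logging is off, which is what the commit set out to remove. Pass the three values as separate arguments: `LOG.debug( "createSession userId: {}, sessionId: {}, resultCode: {}", user.getUserId(), rbacCreateSessionResponse.getSessionId(), rbacCreateSessionResponse.getLdapResult().getResultCode() );`. The same line writes the full session id to the log; the later hunks pass that id as the only session handle in the checkAccess and deleteSession requests, so if possession of it is enough to act on the session, log a truncated or hashed form instead. The method body starts and ends outside this hunk.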
@@ -148,35 +152,31 @@ final class AcceleratorDAO extends ApacheDsDataProvider * @return True if user has access, false otherwise. * @throws SecurityException rethrows {@code LdapException} with {@code GlobalErrIds.ACEL_CHECK_ACCESS_ERR}. */ - boolean checkAccess( Session session, Permission perm ) - throws SecurityException + boolean checkAccess( Session session, Permission perm ) throws SecurityException { boolean result = false; LdapConnection ld = null; + try { ld = getAdminConnection(); RbacCheckAccessRequest rbacCheckAccessRequest = new RbacCheckAccessRequestImpl(); rbacCheckAccessRequest.setSessionId( session.getSessionId() ); rbacCheckAccessRequest.setObject( perm.getObjName() ); + // objectId is optional if(VUtil.isNotNullOrEmpty( perm.getObjId())) { rbacCheckAccessRequest.setObjectId( perm.getObjId() ); } + rbacCheckAccessRequest.setOperation( perm.getOpName() ); // Send the request RbacCheckAccessResponse rbacCheckAccessResponse = ( RbacCheckAccessResponse ) ld.extended( rbacCheckAccessRequest ); - LOG.debug( "checkAccess result: {}", rbacCheckAccessResponse.getLdapResult().getResultCode().getResultCode()); - if(rbacCheckAccessResponse.getLdapResult().getResultCode().getResultCode() == 0) - { - result = true; - } - else - { - result = false; - } + LOG.debug( "checkAccess result: {}", rbacCheckAccessResponse.getLdapResult().getResultCode() ); + + result = rbacCheckAccessResponse.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS; } catch ( LdapException e ) { @@ -188,6 +188,7 @@ final class AcceleratorDAO extends ApacheDsDataProvider { closeAdminConnection( ld ); } + return result; } @@ -205,6 +206,7 @@ final class AcceleratorDAO extends ApacheDsDataProvider void dropActiveRole( Session session, UserRole userRole ) throws SecurityException { LdapConnection ld = null; + try { ld = getAdminConnection(); 
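Review bot: In checkAccess (hunk `@@ -148,35 +152,31 @@`) every result code other than `ResultCodeEnum.SUCCESS` becomes `false`, so a failure reported inside the response looks the same to the caller as a deny, and the code is only visible at debug level. Failing closed is the right default for an authorization check, but it should be stated, e.g. `// Fail closed: any result code other than SUCCESS is treated as access denied.` above the assignment to `result`. It would also help operations to log at warn level any code that is not the expected deny code; which code the accelerator returns for a deny is not visible on this page, so that part needs confirming against the server. The method body continues outside the hunk.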
@@ -215,8 +217,9 @@ final class AcceleratorDAO extends ApacheDsDataProvider // Send the request RbacDropRoleResponse rbacDropRoleResponse = ( RbacDropRoleResponse ) ld.extended( dropRoleRequest ); - LOG.debug( "dropActiveRole result: {}", rbacDropRoleResponse.getLdapResult().getResultCode().getResultCode()); - if(rbacDropRoleResponse.getLdapResult().getResultCode().getResultCode() != 0) + LOG.debug( "dropActiveRole result: {}", rbacDropRoleResponse.getLdapResult().getResultCode() ); + + if ( rbacDropRoleResponse.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS ) { String info = "dropActiveRole Role [" + userRole.getName() + "] User [" + session.getUserId() + "], not previously activated."; @@ -234,6 +237,7 @@ final class AcceleratorDAO extends ApacheDsDataProvider closeAdminConnection( ld ); } } + /** * Activate user role into rbac session @@ -248,6 +252,7 @@ final class AcceleratorDAO extends ApacheDsDataProvider void addActiveRole( Session session, UserRole userRole ) throws SecurityException { LdapConnection ld = null; + try { ld = getAdminConnection(); @@ -258,12 +263,14 @@ final class AcceleratorDAO extends ApacheDsDataProvider // Send the request RbacAddRoleResponse rbacAddRoleResponse = ( RbacAddRoleResponse ) ld.extended( addRoleRequest ); - LOG.debug( "addActiveRole result: {}", rbacAddRoleResponse.getLdapResult().getResultCode().getResultCode()); - if(rbacAddRoleResponse.getLdapResult().getResultCode().getResultCode() != 0) + LOG.debug( "addActiveRole result: {}", rbacAddRoleResponse.getLdapResult().getResultCode() ); + + if ( rbacAddRoleResponse.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS ) { String info; int rc; - if(rbacAddRoleResponse.getLdapResult().getResultCode().getResultCode() == 20) + + if( rbacAddRoleResponse.getLdapResult().getResultCode() == ResultCodeEnum.ATTRIBUTE_OR_VALUE_EXISTS ) { info = "addActiveRole Role [" + userRole.getName() + "] User [" + session.getUserId() + "], already activated."; 
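Review bot: In the addActiveRole hunk (`@@ -258,12 +263,14 @@`) the chain `rbacAddRoleResponse.getLdapResult().getResultCode()` is now evaluated three times, once in the debug line and once in each comparison. Read it once, `ResultCodeEnum resultCode = rbacAddRoleResponse.getLdapResult().getResultCode();`, and compare `resultCode` against `SUCCESS` and `ATTRIBUTE_OR_VALUE_EXISTS`; the dropActiveRole hunk (`@@ -215,8 +217,9 @@`) repeats the chain in the same way. With the local available, the exception text could also carry the code: as written, dropActiveRole reports every non-SUCCESS code as "not previously activated", which may misattribute a failure that has another cause. The added `if(` also lacks the space used by the `if (` lines introduced elsewhere in this commit. Both method bodies extend beyond their hunks.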
@@ -275,6 +282,7 @@ final class AcceleratorDAO extends ApacheDsDataProvider + session.getUserId() + "], not authorized for user."; rc = GlobalErrIds.URLE_ACTIVATE_FAILED; } + throw new SecurityException( rc, info ); } } @@ -289,6 +297,7 @@ final class AcceleratorDAO extends ApacheDsDataProvider closeAdminConnection( ld ); } } + /** * Delete the stored session on rbac accelerator server. @@ -300,6 +309,7 @@ final class AcceleratorDAO extends ApacheDsDataProvider void deleteSession( Session session ) throws SecurityException { LdapConnection ld = null; + try { ld = getAdminConnection(); @@ -309,7 +319,7 @@ final class AcceleratorDAO extends ApacheDsDataProvider // Send the request RbacDeleteSessionResponse deleteSessionResponse = ( RbacDeleteSessionResponse ) ld.extended( deleteSessionRequest ); - LOG.debug( "deleteSession result: {}", deleteSessionResponse.getLdapResult().getResultCode().getResultCode()); + LOG.debug( "deleteSession result: {}", deleteSessionResponse.getLdapResult().getResultCode()); } catch ( LdapException e ) { @@ -338,6 +348,7 @@ final class AcceleratorDAO extends ApacheDsDataProvider { LdapConnection ld = null; List userRoleList = null; + try { ld = getAdminConnection(); @@ -348,9 +359,11 @@ final class AcceleratorDAO extends ApacheDsDataProvider RbacSessionRolesResponse sessionRolesResponse = ( RbacSessionRolesResponse ) ld.extended( sessionRolesRequest ); LOG.debug( "sessionRoles result: {}", sessionRolesResponse.getLdapResult().getResultCode().getResultCode()); - if(VUtil.isNotNullOrEmpty( sessionRolesResponse.getRoles() ) ) + + if ( VUtil.isNotNullOrEmpty( sessionRolesResponse.getRoles() ) ) { - userRoleList = new ArrayList<>( ); + userRoleList = new ArrayList(); + for( String roleNm : sessionRolesResponse.getRoles() ) { userRoleList.add( new UserRole( session.getUserId(), roleNm ) ); @@ -368,6 +381,7 @@ final class AcceleratorDAO extends ApacheDsDataProvider { closeAdminConnection( ld ); } + return userRoleList; } }
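Review bot: deleteSession (hunk `@@ -309,7 +319,7 @@`) only logs the result code at debug level and the `try` block ends right after that line, so a response that is not `ResultCodeEnum.SUCCESS` is silently accepted and the caller cannot tell that the session may still exist on the accelerator. The other methods touched by this commit compare against `ResultCodeEnum.SUCCESS`; do the same here, at minimum `ResultCodeEnum rc = deleteSessionResponse.getLdapResult().getResultCode();` followed by `if ( rc != ResultCodeEnum.SUCCESS ) { LOG.warn( "deleteSession failed, result: {}", rc ); }`. Throwing a `SecurityException` with the project's delete-session error id would be stricter, but that id is not shown on this page. The method starts outside the hunk.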
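Review bot: The sessionRoles debug line in hunk `@@ -348,9 +359,11 @@` was left as `...getResultCode().getResultCode()`, so it still logs the numeric value while every other statement changed by this commit logs the `ResultCodeEnum`; change it to `LOG.debug( "sessionRoles result: {}", sessionRolesResponse.getLdapResult().getResultCode() );`. Within the visible lines the result code is never checked before the roles are read, so a non-SUCCESS response without roles and a session with no active roles both leave `userRoleList` as `null`. A comment on the declaration stating that `null` is returned in both cases would help callers, e.g. `// stays null when the response carries no roles, whatever the result code`. The method body extends beyond the hunk.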