directory-commits mailing list archives

From elecha...@apache.org
Subject svn commit: r1646605 - in /directory/shared/trunk: integ/src/test/java/org/apache/directory/api/ldap/codec/api/ ldap/codec/core/src/main/java/org/apache/directory/api/ldap/codec/osgi/ ldap/codec/core/src/test/java/org/apache/directory/api/ldap/codec/so...
Date Fri, 19 Dec 2014 01:26:43 GMT
Author: elecharny
Date: Fri Dec 19 01:26:42 2014
New Revision: 1646605

URL: http://svn.apache.org/r1646605
Log:
Added the ProxiedAuthz control declaration and usage

Added:
    directory/shared/trunk/ldap/model/src/main/java/org/apache/directory/api/ldap/model/message/controls/ProxiedAuthz.java
    directory/shared/trunk/ldap/model/src/main/java/org/apache/directory/api/ldap/model/message/controls/ProxiedAuthzImpl.java
Removed:
    directory/shared/trunk/ldap/codec/core/src/test/java/org/apache/directory/api/ldap/codec/sort/
Modified:
    directory/shared/trunk/integ/src/test/java/org/apache/directory/api/ldap/codec/api/StandaloneLdapCodecServiceTest.java
    directory/shared/trunk/ldap/codec/core/src/main/java/org/apache/directory/api/ldap/codec/osgi/DefaultLdapCodecService.java
    directory/shared/trunk/ldap/codec/standalone/src/main/java/org/apache/directory/api/ldap/codec/standalone/CodecFactoryUtil.java

Modified: directory/shared/trunk/integ/src/test/java/org/apache/directory/api/ldap/codec/api/StandaloneLdapCodecServiceTest.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/integ/src/test/java/org/apache/directory/api/ldap/codec/api/StandaloneLdapCodecServiceTest.java?rev=1646605&r1=1646604&r2=1646605&view=diff
==============================================================================
--- directory/shared/trunk/integ/src/test/java/org/apache/directory/api/ldap/codec/api/StandaloneLdapCodecServiceTest.java
(original)
+++ directory/shared/trunk/integ/src/test/java/org/apache/directory/api/ldap/codec/api/StandaloneLdapCodecServiceTest.java
Fri Dec 19 01:26:42 2014
@@ -47,6 +47,7 @@ public class StandaloneLdapCodecServiceT
         System.setProperty( StandaloneLdapApiService.CONTROLS_LIST,
             "org.apache.directory.api.ldap.codec.controls.cascade.CascadeFactory," +
                 "org.apache.directory.api.ldap.codec.controls.manageDsaIT.ManageDsaITFactory,"
+
+                "org.apache.directory.api.ldap.codec.controls.proxiedauthz.ProxiedAuthzFactory,"
+
                 "org.apache.directory.api.ldap.codec.controls.search.entryChange.EntryChangeFactory,"
+
                 "org.apache.directory.api.ldap.codec.controls.search.pagedSearch.PagedResultsFactory,"
+
                 "org.apache.directory.api.ldap.codec.controls.search.persistentSearch.PersistentSearchFactory,"
+

Modified: directory/shared/trunk/ldap/codec/core/src/main/java/org/apache/directory/api/ldap/codec/osgi/DefaultLdapCodecService.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/codec/core/src/main/java/org/apache/directory/api/ldap/codec/osgi/DefaultLdapCodecService.java?rev=1646605&r1=1646604&r2=1646605&view=diff
==============================================================================
--- directory/shared/trunk/ldap/codec/core/src/main/java/org/apache/directory/api/ldap/codec/osgi/DefaultLdapCodecService.java
(original)
+++ directory/shared/trunk/ldap/codec/core/src/main/java/org/apache/directory/api/ldap/codec/osgi/DefaultLdapCodecService.java
Fri Dec 19 01:26:42 2014
@@ -43,6 +43,7 @@ import org.apache.directory.api.ldap.cod
 import org.apache.directory.api.ldap.codec.api.MessageDecorator;
 import org.apache.directory.api.ldap.codec.controls.cascade.CascadeFactory;
 import org.apache.directory.api.ldap.codec.controls.manageDsaIT.ManageDsaITFactory;
+import org.apache.directory.api.ldap.codec.controls.proxiedauthz.ProxiedAuthzFactory;
 import org.apache.directory.api.ldap.codec.controls.search.entryChange.EntryChangeFactory;
 import org.apache.directory.api.ldap.codec.controls.search.pagedSearch.PagedResultsFactory;
 import org.apache.directory.api.ldap.codec.controls.search.persistentSearch.PersistentSearchFactory;
@@ -59,6 +60,7 @@ import org.apache.directory.api.ldap.mod
 import org.apache.directory.api.ldap.model.message.controls.OpaqueControl;
 import org.apache.directory.api.ldap.model.message.controls.PagedResults;
 import org.apache.directory.api.ldap.model.message.controls.PersistentSearch;
+import org.apache.directory.api.ldap.model.message.controls.ProxiedAuthz;
 import org.apache.directory.api.ldap.model.message.controls.Subentries;
 import org.apache.directory.api.util.Strings;
 import org.apache.directory.api.util.exception.NotImplementedException;
@@ -114,6 +116,10 @@ public class DefaultLdapCodecService imp
         controlFactories.put( manageDsaItFactory.getOid(), manageDsaItFactory );
         LOG.info( "Registered pre-bundled control factory: {}", manageDsaItFactory.getOid()
);
 
+        ControlFactory<ProxiedAuthz> proxiedAuthzFactory = new ProxiedAuthzFactory(
this );
+        controlFactories.put( proxiedAuthzFactory.getOid(), proxiedAuthzFactory );
+        LOG.info( "Registered pre-bundled control factory: {}", proxiedAuthzFactory.getOid()
);
+
         ControlFactory<PagedResults> pageResultsFactory = new PagedResultsFactory(
this );
         controlFactories.put( pageResultsFactory.getOid(), pageResultsFactory );
         LOG.info( "Registered pre-bundled control factory: {}", pageResultsFactory.getOid()
);
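Review bot: `ProxiedAuthzFactory` is imported from `org.apache.directory.api.ldap.codec.controls.proxiedauthz` and instantiated here, but the commit's Added list names only the model classes `ProxiedAuthz` and `ProxiedAuthzImpl`, so unless the factory and its decoder were committed in an earlier revision this will not compile. It also means the decoding path cannot be reviewed from this change: worth confirming that a value read off the wire goes through `ProxiedAuthzImpl.setAuthzId`, so that the prefix and DN checks apply to received controls and not only to ones built by callers. The same registration is repeated in `CodecFactoryUtil` (hunk at -92,6 +94,10), and both points apply there too. The enclosing method starts and ends outside the hunk.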

Modified: directory/shared/trunk/ldap/codec/standalone/src/main/java/org/apache/directory/api/ldap/codec/standalone/CodecFactoryUtil.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/codec/standalone/src/main/java/org/apache/directory/api/ldap/codec/standalone/CodecFactoryUtil.java?rev=1646605&r1=1646604&r2=1646605&view=diff
==============================================================================
--- directory/shared/trunk/ldap/codec/standalone/src/main/java/org/apache/directory/api/ldap/codec/standalone/CodecFactoryUtil.java
(original)
+++ directory/shared/trunk/ldap/codec/standalone/src/main/java/org/apache/directory/api/ldap/codec/standalone/CodecFactoryUtil.java
Fri Dec 19 01:26:42 2014
@@ -27,6 +27,7 @@ import org.apache.directory.api.ldap.cod
 import org.apache.directory.api.ldap.codec.api.LdapApiService;
 import org.apache.directory.api.ldap.codec.controls.cascade.CascadeFactory;
 import org.apache.directory.api.ldap.codec.controls.manageDsaIT.ManageDsaITFactory;
+import org.apache.directory.api.ldap.codec.controls.proxiedauthz.ProxiedAuthzFactory;
 import org.apache.directory.api.ldap.codec.controls.search.entryChange.EntryChangeFactory;
 import org.apache.directory.api.ldap.codec.controls.search.pagedSearch.PagedResultsFactory;
 import org.apache.directory.api.ldap.codec.controls.search.persistentSearch.PersistentSearchFactory;
@@ -58,6 +59,7 @@ import org.apache.directory.api.ldap.mod
 import org.apache.directory.api.ldap.model.message.controls.ManageDsaIT;
 import org.apache.directory.api.ldap.model.message.controls.PagedResults;
 import org.apache.directory.api.ldap.model.message.controls.PersistentSearch;
+import org.apache.directory.api.ldap.model.message.controls.ProxiedAuthz;
 import org.apache.directory.api.ldap.model.message.controls.SortRequest;
 import org.apache.directory.api.ldap.model.message.controls.SortResponse;
 import org.apache.directory.api.ldap.model.message.controls.Subentries;
@@ -92,6 +94,10 @@ public class CodecFactoryUtil
         controlFactories.put( manageDsaITFactory.getOid(), manageDsaITFactory );
         LOG.info( "Registered pre-bundled control factory: {}", manageDsaITFactory.getOid()
);
 
+        ControlFactory<ProxiedAuthz> proxiedAuthzFactory = new ProxiedAuthzFactory(
apiService );
+        controlFactories.put( proxiedAuthzFactory.getOid(), proxiedAuthzFactory );
+        LOG.info( "Registered pre-bundled control factory: {}", proxiedAuthzFactory.getOid()
);
+
         ControlFactory<PagedResults> pagedResultsFactory = new PagedResultsFactory(
apiService );
         controlFactories.put( pagedResultsFactory.getOid(), pagedResultsFactory );
         LOG.info( "Registered pre-bundled control factory: {}", pagedResultsFactory.getOid()
);
@@ -131,7 +137,7 @@ public class CodecFactoryUtil
         ControlFactory<SortResponse> sortResponseFactory = new SortResponseFactory(
apiService );
         controlFactories.put( sortResponseFactory.getOid(), sortResponseFactory );
         LOG.info( "Registered pre-bundled control factory: {}", sortResponseFactory.getOid()
);
-        
+
         ControlFactory<AdDirSync> adDirSyncFactory = new AdDirSyncFactory( apiService
);
         controlFactories.put( adDirSyncFactory.getOid(), adDirSyncFactory );
         LOG.info( "Registered pre-bundled control factory: {}", adDirSyncFactory.getOid()
);

Added: directory/shared/trunk/ldap/model/src/main/java/org/apache/directory/api/ldap/model/message/controls/ProxiedAuthz.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/model/src/main/java/org/apache/directory/api/ldap/model/message/controls/ProxiedAuthz.java?rev=1646605&view=auto
==============================================================================
--- directory/shared/trunk/ldap/model/src/main/java/org/apache/directory/api/ldap/model/message/controls/ProxiedAuthz.java
(added)
+++ directory/shared/trunk/ldap/model/src/main/java/org/apache/directory/api/ldap/model/message/controls/ProxiedAuthz.java
Fri Dec 19 01:26:42 2014
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.directory.api.ldap.model.message.controls;
+
+
+import org.apache.directory.api.ldap.model.message.Control;
+
+
+/**
+ * Control which defines the Proxy Authorization request. More information is available in
<a
+ * href="https://tools.ietf.org/html/rfc4370">RFC 4370</a>. Below we have included
section 3 of the RFC describing
+ * this control:
+ *
+ * <pre>
+ *  3. Proxy Authorization Control
+ *
+ *      A single Proxy Authorization Control may be included in any search,
+ *   compare, modify, add, delete, or modify Distinguished Name (DN) or
+ *   extended operation request message.  The exception is any extension
+ *   that causes a change in authentication, authorization, or data
+ *   confidentiality [RFC2829], such as Start TLS [LDAPTLS] as part of the
+ *   controls field of the LDAPMessage, as defined in [RFC2251].
+ *
+ *   The controlType of the proxy authorization control is
+ *   "2.16.840.1.113730.3.4.18".
+ *
+ *   The criticality MUST be present and MUST be TRUE.  This requirement
+ *   protects clients from submitting a request that is executed with an
+ *   unintended authorization identity.
+ *
+ *   Clients MUST include the criticality flag and MUST set it to TRUE.
+ *   Servers MUST reject any request containing a Proxy Authorization
+ *   Control without a criticality flag or with the flag set to FALSE with
+ *   a protocolError error.  These requirements protect clients from
+ *   submitting a request that is executed with an unintended
+ *   authorization identity.
+ *
+ *   The controlValue SHALL be present and SHALL either contain an authzId
+ *   [AUTH] representing the authorization identity for the request or be
+ *   empty if an anonymous association is to be used.
+ *
+ *   The mechanism for determining proxy access rights is specific to the
+ *   server's proxy authorization policy.
+ *
+ *   If the requested authorization identity is recognized by the server,
+ *   and the client is authorized to adopt the requested authorization
+ *   identity, the request will be executed as if submitted by the proxy
+ *   authorization identity; otherwise, the result code 123 is returned.
+ * </pre>
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public interface ProxiedAuthz extends Control
+{
+    /** This control OID */
+    String OID = "2.16.840.1.113730.3.4.18";
+
+
+    /**
+     * @returns The authzId 
+     */
+    String getAuthzId();
+
+
+    /**
+     * @param authzId The authzId to set. Must be empty (not null), or a valid DN prefixed
by 'dn:', or any
+     * user information prefixed by 'u:'
+     */
+    void setAuthzId( String authzId );
+}
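Review bot: `@returns` on `getAuthzId()` is not a Javadoc tag, so the description will be missing from the generated docs; it should read `@return The authzId`. The `setAuthzId` Javadoc lists the accepted forms but not what happens for a value outside them; since the implementation in this commit throws, a line such as `@throws RuntimeException if authzId is null, or is non-empty without a 'dn:' or 'u:' prefix` would tell callers what to expect. It would also help to state on the setter that an empty string requests an anonymous association, as the quoted RFC text does, because that is the value a caller is most likely to pass by accident.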

Added: directory/shared/trunk/ldap/model/src/main/java/org/apache/directory/api/ldap/model/message/controls/ProxiedAuthzImpl.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/model/src/main/java/org/apache/directory/api/ldap/model/message/controls/ProxiedAuthzImpl.java?rev=1646605&view=auto
==============================================================================
--- directory/shared/trunk/ldap/model/src/main/java/org/apache/directory/api/ldap/model/message/controls/ProxiedAuthzImpl.java
(added)
+++ directory/shared/trunk/ldap/model/src/main/java/org/apache/directory/api/ldap/model/message/controls/ProxiedAuthzImpl.java
Fri Dec 19 01:26:42 2014
@@ -0,0 +1,153 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.directory.api.ldap.model.message.controls;
+
+
+import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.api.util.Strings;
+
+
+/**
+ * Simple ProxiedAuthz implementation class.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public class ProxiedAuthzImpl extends AbstractControl implements ProxiedAuthz
+{
+    /**
+     * The authzId used to authorize the user.
+     */
+    private String authzId;
+
+
+    /**
+     * Default constructor.
+     */
+    public ProxiedAuthzImpl()
+    {
+        super( OID );
+
+        // The criticality must be true
+        setCritical( true );
+    }
+
+
+    /**
+     * @return the authzId
+     */
+    public String getAuthzId()
+    {
+        return authzId;
+    }
+
+
+    /**
+     * The authzId syntax is given by the RFC 2829 :
+     * 
+     * <pre>
+     * authzId    = dnAuthzId / uAuthzId / <empty>
+     * dnAuthzId  = "dn:" dn
+     * dn         = utf8string
+     * uAuthzId   = "u:" userid
+     * userid     = utf8string
+     * </pre>
+     * @param authzId the authzId to set
+     */
+    public void setAuthzId( String authzId )
+    {
+        // We should have a valid authzId
+        if ( authzId == null )
+        {
+            throw new RuntimeException( "Invalid proxied authz value : cannot be null" );
+        }
+
+        if ( !Strings.isEmpty( authzId ) )
+        {
+            String lowercaseAuthzId = Strings.toLowerCase( authzId );
+
+            if ( lowercaseAuthzId.startsWith( "dn:" ) )
+            {
+                String dn = authzId.substring( 3 );
+
+                if ( !Dn.isValid( dn ) )
+                {
+                    throw new RuntimeException( "Invalid proxied authz value : the DN is
not valid" );
+                }
+            }
+            else if ( !lowercaseAuthzId.startsWith( "u:" ) )
+            {
+                throw new RuntimeException( "Invalid proxied authz value : should start with
'dn:' or 'u:'" );
+            }
+        }
+
+        this.authzId = authzId;
+    }
+
+
+    /**
+     * @see Object#hashCode()
+     */
+    @Override
+    public int hashCode()
+    {
+        int h = super.hashCode();
+
+        if ( authzId != null )
+        {
+            h = h * 37 + authzId.hashCode();
+        }
+
+        return h;
+    }
+
+
+    /**
+     * @see Object#equals(Object)
+     */
+    @Override
+    public boolean equals( Object o )
+    {
+        if ( !super.equals( o ) )
+        {
+            return false;
+        }
+
+        ProxiedAuthz otherControl = ( ProxiedAuthz ) o;
+
+        return ( authzId == otherControl.getAuthzId() )
+            || ( ( authzId != null ) && authzId.equals( otherControl.getAuthzId()
) );
+    }
+
+
+    /**
+     * Return a String representing this PagedSearchControl.
+     */
+    public String toString()
+    {
+        StringBuffer sb = new StringBuffer();
+
+        sb.append( "    Proxied Authz Control\n" );
+        sb.append( "        oid : " ).append( getOid() ).append( '\n' );
+        sb.append( "        critical : " ).append( isCritical() ).append( '\n' );
+        sb.append( "        authzid   : '" ).append( authzId ).append( "'\n" );
+
+        return sb.toString();
+    }
+}
\ No newline at end of file
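Review bot: `authzId` stays `null` after the default constructor, yet `setAuthzId` rejects `null` and the interface Javadoc says the value must be empty rather than null, so a control that is built and sent without calling the setter has no defined value where RFC 4370 requires the controlValue to be present. Either initialise the field (`private String authzId = "";`, bearing in mind that empty means anonymous) or have the encoder refuse a null value; which of the two fits depends on the codec side, which is not in this diff. In the same way the constructor's `setCritical( true )` only sets the initial state: if `AbstractControl` exposes a public setter (not visible here), a caller can clear it afterwards, and a non-critical proxied-authz control may be ignored by a server that does not support it, leaving the request to run under the bound identity. For the validation failures in `setAuthzId`, `IllegalArgumentException` instead of bare `RuntimeException` would let callers tell bad input apart while staying compatible with existing catch blocks. The `toString()` Javadoc still says `PagedSearchControl`, and the method lacks `@Override`.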


