directory-dev mailing list archives

From "Turkalj, Claus" <C.Turk...@Verband.Creditreform.de>
Subject Problem with SchemaService
Date Thu, 10 Nov 2005 10:03:59 GMT
Hello,

I've been using ApacheDS 0.9 for JUnit tests for a user/group/role
management system which is working against an Oracle Internet Directory
Server.

First of all I want to congratulate you for the great work you've been
doing.

I am just trying to upgrade from 0.9 to 0.9.3.

For version 0.9 I implemented my own Interceptor called ACIService which
does some basic access control checking and throws a
NoPermissionException if the caller is not authorized to add/delete or
modify an entry.
I know there is an ACIItem implementation in 0.9.3 but since I couldn't
find any example for ldif files I decided to continue to use my working
ACIService.

In one test case I am removing a user from a group by removing the
attribute uniqueMember=<userDN> from the group entry. Since the caller
in this particular test case is not allowed to do this I throw a
NoPermissionException in the ACIService and check that this exception
occurs and that the attribute uniqueMember=<userDN> still exists in the
group entry.
With 0.9.3 the test fails, the exception is thrown but the attribute
doesn't exist any more.

After long debugging sessions I found out that the SchemaService which
is called before my ACIService interceptor in the interceptor chain
modified the attribute.
So although my Interceptor threw the NoPermissionException the
modification was successful.
The modification happened in the following method of SchemaService:

    private boolean isCompleteRemoval( Attribute change, Attributes entry ) throws NamingException
    {
        // if change size is 0 then all values are deleted then we're screwed
        if ( change.size() == 0 )
        {
            return true;
        }

        // can't do math to figure out if all values are removed since some
        // values in the modify request may not be in the entry.  we need to
        // remove the values from a cloned version of the attribute and see
        // if nothing is left.
        Attribute changedEntryAttr = (Attribute)entry.get( change.getID() );

        for ( int jj = 0; jj < change.size(); jj++ )
        {
            changedEntryAttr.remove( change.get( jj ) );
        }

        return changedEntryAttr.size() == 0;
    }

When I changed

        Attribute changedEntryAttr = (Attribute)entry.get( change.getID() );

to

        Attribute changedEntryAttr = (Attribute)entry.get( change.getID() ).clone();

everything worked as expected.



Claus
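
The aliasing effect described in the message, reproduced with the JDK's `javax.naming.directory` classes as an added example (not code from the original message or from ApacheDS). The class name, the sample DN and the two-stage chain with a deny-all access check are assumptions made for illustration.

```java
import javax.naming.NamingException;
import javax.naming.NoPermissionException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;

public class InterceptorAliasingDemo {
    // Constructed sample DN, not taken from the original message.
    static final String USER_DN = "uid=alice,ou=users,dc=example,dc=com";

    // Mirrors the check quoted above; 'copy' selects the cloned variant.
    static boolean isCompleteRemoval(Attribute change, Attributes entry, boolean copy)
            throws NamingException {
        if (change.size() == 0) {
            return true;
        }
        Attribute attr = entry.get(change.getID());
        if (copy) {
            attr = (Attribute) attr.clone();   // work on a private copy of the values
        }
        for (int i = 0; i < change.size(); i++) {
            attr.remove(change.get(i));        // without the clone this edits the live entry
        }
        return attr.size() == 0;
    }

    // Hypothetical chain: the schema check runs first, then access control denies the request.
    static boolean memberSurvivesDeniedModify(boolean copy) throws NamingException {
        Attributes entry = new BasicAttributes(true);
        entry.put(new BasicAttribute("uniqueMember", USER_DN));
        Attribute change = new BasicAttribute("uniqueMember", USER_DN);
        try {
            isCompleteRemoval(change, entry, copy);      // stage 1: meant to be read-only
            throw new NoPermissionException("denied");   // stage 2: caller is not authorized
        } catch (NoPermissionException expected) {
            // The request was rejected, so the stored entry should be unchanged.
        }
        return entry.get("uniqueMember").contains(USER_DN);
    }

    public static void main(String[] args) throws NamingException {
        System.out.println("aliased: member survives = " + memberSurvivesDeniedModify(false));
        System.out.println("cloned:  member survives = " + memberSurvivesDeniedModify(true));
    }
}
```

A regression test for an access-control interceptor should assert on the stored entry after the denial, as the test case in the message does, since the exception alone does not show that the entry was left untouched.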

