opends/src/server/org/opends/server/authorization/dseecompat/Aci.java
@@ -467,7 +467,7 @@ //matchCtx right does not contain either ACI_EXT_OP or ACI_CONTROL at //this point. if(aci.getTargets().getExtOp() != null || aci.getTargets().getTargetControl() != null) { || aci.getTargets().getTargetControl() != null) { return false; } return haveSimilarRights(aci, matchCtx) && opends/src/server/org/opends/server/authorization/dseecompat/AciBody.java
@@ -336,7 +336,10 @@ * needed in the actual evaluation of the ACI. This routine returns only the * rights needed in the evaluation. The order does matter, ACI_SELF evaluation * needs to be before ACI_WRITE. * * <p> * JNR: I find the implementation in this method dubious. * @see EnumRight#hasRights(int, int) * * @param evalCtx The evaluation context to determine the rights of. * @return The evaluation rights to used in the evaluation. */ opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
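Review bot: In AciBody.java the added Javadoc sentence `JNR: I find the implementation in this method dubious.` does not say what is doubted. This routine selects the rights used in ACI evaluation, so a reader cannot tell whether the concern affects access decisions. The same sentence is added to the Javadoc of `hasRights(int)` and `rightToString()` in AciContainer.java. I would replace it in each place with a concrete statement, for example `TODO(JNR): <what is mishandled and for which rights> - see <ISSUE-ID placeholder>`, and move the `@see` tag after `@return` to follow the usual tag order. The method body lies outside the hunk, so the concern itself cannot be checked from here.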
@@ -33,6 +33,7 @@ import java.net.InetAddress; import java.security.cert.Certificate; import java.util.Collection; import java.util.HashMap; import java.util.List; @@ -680,6 +681,10 @@ /** * {@inheritDoc} * <p> * JNR: I find the implementation in this method dubious. * * @see EnumRight#hasRights(int, int) */ @Override public boolean hasRights(int rights) { @@ -853,6 +858,10 @@ /** * {@inheritDoc} * <p> * JNR: I find the implementation in this method dubious. * * @see EnumRight#getEnumRight(int) */ @Override public String rightToString() { @@ -976,22 +985,16 @@ if (attributeType != null) { appendSeparatorIfNeeded(sb); sb.append(attributeType); sb.append("attributeType: ").append(attributeType.getNameOrOID()); if (attributeValue != null) { sb.append(":").append(attributeType); sb.append(":").append(attributeValue); } } if (allowList != null) { appendSeparatorIfNeeded(sb); sb.append(allowList.size()).append(" allow ACIs"); } if (denyList != null) { appendSeparatorIfNeeded(sb); sb.append(denyList.size()).append(" deny ACIs"); } appendSeparatorIfNeeded(sb); sb.append(size(allowList)).append(" allow ACIs"); appendSeparatorIfNeeded(sb); sb.append(size(denyList)).append(" deny ACIs"); if (evalReason != null) { appendSeparatorIfNeeded(sb); @@ -1011,4 +1014,13 @@ sb.append(", "); } } private int size(Collection<?> col) { if (col != null) { return col.size(); } return 0; } } opends/src/server/org/opends/server/authorization/dseecompat/AciTargets.java
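Review bot: In AciContainer.java the rewritten toString() appears to append the raw attribute value (`sb.append(":").append(attributeValue);`) where the old line repeated `attributeType`. I am reading the second line of each duplicated pair as the new side, since the +/- markers are lost on this page. That fixes the copy-paste slip, but any log or debug trace that prints the container would then carry the value under evaluation, which may be a credential attribute. Whether toString() reaches a log is not visible here, so please confirm, or print only that a value is present: `if (attributeValue != null) { sb.append(":<value omitted>"); }`. The start of toString() is outside the hunk.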
@@ -507,24 +507,24 @@ AciTargetMatchContext targetMatchCtx) { boolean ret=true; if(!targetMatchCtx.getTargAttrFiltersMatch()) { AciTargets targets=aci.getTargets(); AttributeType a=targetMatchCtx.getCurrentAttributeType(); int rights=targetMatchCtx.getRights(); TargetAttr targetAttr = aci.getTargets().getTargetAttr(); AttributeType attrType = targetMatchCtx.getCurrentAttributeType(); boolean isFirstAttr=targetMatchCtx.isFirstAttribute(); if((a != null) && (targets.getTargetAttr() != null)) { ret=TargetAttr.isApplicable(a,targets.getTargetAttr()); setEvalAttributes(targetMatchCtx,targets,ret); } else if((a != null) || (targets.getTargetAttr() != null)) { if((aci.hasRights(skipRights)) && (skipRightsHasRights(rights))) ret=true; else if ((targets.getTargetAttr() != null) && (a == null) && (aci.hasRights(ACI_WRITE))) if (attrType != null && targetAttr != null) { ret=TargetAttr.isApplicable(attrType,targetAttr); setEvalAttributes(targetMatchCtx,targetAttr,ret); } else if (attrType != null || targetAttr != null) { if (aci.hasRights(skipRights) && skipRightsHasRights(targetMatchCtx.getRights())) ret = true; else if (attrType == null && targetAttr != null && aci.hasRights(ACI_WRITE)) ret = true; else ret = false; } if((isFirstAttr) && (aci.getTargets().getTargetAttr() == null) if (isFirstAttr && targetAttr == null && aci.getTargets().getTargAttrFilters() == null) targetMatchCtx.setEntryTestRule(true); } @@ -660,12 +660,12 @@ * * * @param ctx The ctx to check against. * @param targets The targets part of the ACI. * @param targetAttr The targetattrs part of the ACI. * @param ret The is true if the ACI has already been evaluated to be * applicable. */ private static void setEvalAttributes(AciTargetMatchContext ctx, AciTargets targets, void setEvalAttributes(AciTargetMatchContext ctx, TargetAttr targetAttr, boolean ret) { ctx.clearEvalAttributes(ACI_USER_ATTR_STAR_MATCHED); ctx.clearEvalAttributes(ACI_OP_ATTR_PLUS_MATCHED); 
@@ -681,12 +681,13 @@ For example, the expression is: (targetattrs="cn || +) and the current attribute type is cn. */ if(ret && targets.getTargetAttr().isAllUserAttributes() && if(ret && targetAttr.isAllUserAttributes() && !ctx.hasEvalUserAttributes()) ctx.setEvalUserAttributes(ACI_USER_ATTR_STAR_MATCHED); else ctx.setEvalUserAttributes(ACI_FOUND_USER_ATTR_RULE); if(ret && targets.getTargetAttr().isAllOpAttributes() && if(ret && targetAttr.isAllOpAttributes() && !ctx.hasEvalOpAttributes()) ctx.setEvalOpAttributes(ACI_OP_ATTR_PLUS_MATCHED); else