external-software/github_OpenIdentityPlatform_OpenDJ.git

parent: 2b44f2ab | patch | commit | show whitespace

AciEffectiveRights.java: Changed the signature of createSummary() to return...

Jean-Noel Rouvignac

23.39.2013 9f214a54f4f3431c95cd622ed73e9dfbb03b29a3

AciEffectiveRights.java:
Changed the signature of createSummary() to return the summary string and remove the srcStr parameter.
Extracted methods getEvalReason() and getDecidingAci() from createSummary().

AciHandler.java:
Extracted method getAttributeType().

2 files modified

	opends/src/server/org/opends/server/authorization/dseecompat/AciEffectiveRights.java	68 ●●●●● patch \| view \| raw \| blame \| history
	opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java	50 ●●●●● patch \| view \| raw \| blame \| history

 opends/src/server/org/opends/server/authorization/dseecompat/AciEffectiveRights.java

@@ -461,7 +461,7 @@
    if(skipCheck && container.isAuthzidAuthorizationDN()) {
      resString.append("write").append(":1");
      container.setEvaluationResult(EnumEvalReason.SKIP_ACI, null);
      createSummary(container, true, "main");
      container.setEvalSummary(createSummary(container, true));
    } else {
      // Reset everything.
      container.resetEffectiveRightsParams();
@@ -580,7 +580,7 @@
    if(skipCheck && container.isAuthzidAuthorizationDN()) {
      resString.append(rightStr).append(":1");
      container.setEvaluationResult(EnumEvalReason.SKIP_ACI, null);
      createSummary(container, true, "main");
      container.setEvalSummary(createSummary(container, true));
    } else {
      boolean ret;
      //Check if read right check, if so do accessAllowedEntry.
@@ -703,29 +703,18 @@
   *
   * @param evalCtx The evaluation context to gather information from.
   * @param evalRet The value returned from the access evaluation.
   * @param srcStr String that can be used to specify where the summary call's
   *               origin is.
   * @return A summary of the ACI evaluation
   */
 public static
  void createSummary(AciEvalContext evalCtx, boolean evalRet, String srcStr) {
    String accessStatus=NOT_ALLOWED;
    if(evalRet)
      accessStatus=ALLOWED;
    String accessReason="";
    StringBuilder decideAci=new StringBuilder("");
  public static String createSummary(AciEvalContext evalCtx, boolean evalRet)
  {
    String srcStr = "main";
    String accessStatus = evalRet ? ALLOWED : NOT_ALLOWED;

    //Try and determine what reason string to use.
    if(evalCtx.getEvalReason() == EnumEvalReason.EVALUATED_ALLOW_ACI) {
      accessReason=EVALUATED_ALLOW;
      decideAci.append(", deciding_aci: ").append(evalCtx.getDecidingAciName());
    } else if(evalCtx.getEvalReason() == EnumEvalReason.EVALUATED_DENY_ACI) {
      accessReason=EVALUATED_DENY;
      decideAci.append(", deciding_aci: ").append(evalCtx.getDecidingAciName());
    }  else if(evalCtx.getEvalReason() == EnumEvalReason.NO_ALLOW_ACIS)
      accessReason=NO_ALLOWS;
    else if(evalCtx.getEvalReason() == EnumEvalReason.NO_MATCHED_ALLOWS_ACIS)
      accessReason=NO_ALLOWS_MATCHED;
    else if(evalCtx.getEvalReason() == EnumEvalReason.SKIP_ACI)
      accessReason=SKIP_ACI;
    String accessReason = getEvalReason(evalCtx.getEvalReason());
    StringBuilder decideAci =
        getDecidingAci(evalCtx.getEvalReason(), evalCtx.getDecidingAciName());

    //Only manipulate the evaluation context's targattrfilters ACI name
    //if not a selfwrite evaluation and the context's targattrfilter match
    //hashtable is not empty.
@@ -765,10 +754,39 @@
      attrStr=aType.getPrimaryName();
    if(evalCtx.getTargAttrFiltersAciName() != null)
      decideAci.append(", access depends on attr value");
    String summaryStr = String.format(summaryFormatStr, srcStr, accessStatus,
    return String.format(summaryFormatStr, srcStr, accessStatus,
                         right,evalCtx.getResourceDN().toString(),attrStr, user,
                            accessReason, decideAci.toString());
    evalCtx.setEvalSummary(summaryStr);
  }

  private static String getEvalReason(EnumEvalReason evalReason)
  {
    if (evalReason == EnumEvalReason.EVALUATED_ALLOW_ACI)
      return EVALUATED_ALLOW;
    else if (evalReason == EnumEvalReason.EVALUATED_DENY_ACI)
      return EVALUATED_DENY;
    else if (evalReason == EnumEvalReason.NO_ALLOW_ACIS)
      return NO_ALLOWS;
    else if (evalReason == EnumEvalReason.NO_MATCHED_ALLOWS_ACIS)
      return NO_ALLOWS_MATCHED;
    else if (evalReason == EnumEvalReason.SKIP_ACI)
      return SKIP_ACI;
    return "";
  }

  private static StringBuilder getDecidingAci(EnumEvalReason evalReason,
      String decidingAciName)
  {
    StringBuilder decideAci = new StringBuilder();
    if (evalReason == EnumEvalReason.EVALUATED_ALLOW_ACI)
    {
      decideAci.append(", deciding_aci: ").append(decidingAciName);
    }
    else if (evalReason == EnumEvalReason.EVALUATED_DENY_ACI)
    {
      decideAci.append(", deciding_aci: ").append(decidingAciName);
    }
    return decideAci;
  }

  /**

 opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java

@@ -128,34 +128,11 @@
   */
  private static void initStatics()
  {
    if ((aciType = DirectoryServer.getAttributeType("aci")) == null)
    {
      aciType = DirectoryServer.getDefaultAttributeType("aci");
    }
    aciType = getAttributeType("aci");
    globalAciType = getAttributeType(ATTR_AUTHZ_GLOBAL_ACI);
    debugSearchIndex = getAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX);
    refAttrType = getAttributeType(ATTR_REFERRAL_URL);

    if ((globalAciType =
        DirectoryServer.getAttributeType(ATTR_AUTHZ_GLOBAL_ACI)) == null)
    {
      globalAciType =
          DirectoryServer
              .getDefaultAttributeType(ATTR_AUTHZ_GLOBAL_ACI);
    }

    if ((debugSearchIndex =
        DirectoryServer
            .getAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX)) == null)
    {
      debugSearchIndex =
          DirectoryServer
              .getDefaultAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX);
    }

    if ((refAttrType =
        DirectoryServer.getAttributeType(ATTR_REFERRAL_URL)) == null)
    {
      refAttrType =
          DirectoryServer.getDefaultAttributeType(ATTR_REFERRAL_URL);
    }
    try
    {
      debugSearchIndexDN = DN.decode("cn=debugsearch");
@@ -166,6 +143,16 @@
    }
  }

  private static AttributeType getAttributeType(String name)
  {
    AttributeType attrType = DirectoryServer.getAttributeType(name);
    if (attrType == null)
    {
      attrType = DirectoryServer.getDefaultAttributeType(name);
    }
    return attrType;
  }



  /**
@@ -387,11 +374,7 @@
      baseName = toLowerCase(rawAttributeType);
    }

    AttributeType attributeType = DirectoryServer.getAttributeType(baseName);
    if (attributeType == null)
    {
      attributeType = DirectoryServer.getDefaultAttributeType(baseName);
    }
    AttributeType attributeType = getAttributeType(baseName);

    AttributeValue attributeValue =
        AttributeValues.create(attributeType, operation
@@ -722,7 +705,8 @@
    // Build summary string if doing geteffectiverights eval.
    if (container.isGetEffectiveRightsEval())
    {
      AciEffectiveRights.createSummary(container, ret, "main");
      container.setEvalSummary(
          AciEffectiveRights.createSummary(container, ret));
    }
    return ret;
  }

			@@ -461,7 +461,7 @@
			if(skipCheck && container.isAuthzidAuthorizationDN()) {
			resString.append("write").append(":1");
			container.setEvaluationResult(EnumEvalReason.SKIP_ACI, null);
			createSummary(container, true, "main");
			container.setEvalSummary(createSummary(container, true));
			} else {
			// Reset everything.
			container.resetEffectiveRightsParams();
			@@ -580,7 +580,7 @@
			if(skipCheck && container.isAuthzidAuthorizationDN()) {
			resString.append(rightStr).append(":1");
			container.setEvaluationResult(EnumEvalReason.SKIP_ACI, null);
			createSummary(container, true, "main");
			container.setEvalSummary(createSummary(container, true));
			} else {
			boolean ret;
			//Check if read right check, if so do accessAllowedEntry.
			@@ -703,29 +703,18 @@
			*
			* @param evalCtx The evaluation context to gather information from.
			* @param evalRet The value returned from the access evaluation.
			* @param srcStr String that can be used to specify where the summary call's
			* origin is.
			* @return A summary of the ACI evaluation
			*/
			public static
			void createSummary(AciEvalContext evalCtx, boolean evalRet, String srcStr) {
			String accessStatus=NOT_ALLOWED;
			if(evalRet)
			accessStatus=ALLOWED;
			String accessReason="";
			StringBuilder decideAci=new StringBuilder("");
			public static String createSummary(AciEvalContext evalCtx, boolean evalRet)
			{
			String srcStr = "main";
			String accessStatus = evalRet ? ALLOWED : NOT_ALLOWED;

			//Try and determine what reason string to use.
			if(evalCtx.getEvalReason() == EnumEvalReason.EVALUATED_ALLOW_ACI) {
			accessReason=EVALUATED_ALLOW;
			decideAci.append(", deciding_aci: ").append(evalCtx.getDecidingAciName());
			} else if(evalCtx.getEvalReason() == EnumEvalReason.EVALUATED_DENY_ACI) {
			accessReason=EVALUATED_DENY;
			decideAci.append(", deciding_aci: ").append(evalCtx.getDecidingAciName());
			} else if(evalCtx.getEvalReason() == EnumEvalReason.NO_ALLOW_ACIS)
			accessReason=NO_ALLOWS;
			else if(evalCtx.getEvalReason() == EnumEvalReason.NO_MATCHED_ALLOWS_ACIS)
			accessReason=NO_ALLOWS_MATCHED;
			else if(evalCtx.getEvalReason() == EnumEvalReason.SKIP_ACI)
			accessReason=SKIP_ACI;
			String accessReason = getEvalReason(evalCtx.getEvalReason());
			StringBuilder decideAci =
			getDecidingAci(evalCtx.getEvalReason(), evalCtx.getDecidingAciName());

			//Only manipulate the evaluation context's targattrfilters ACI name
			//if not a selfwrite evaluation and the context's targattrfilter match
			//hashtable is not empty.
			@@ -765,10 +754,39 @@
			attrStr=aType.getPrimaryName();
			if(evalCtx.getTargAttrFiltersAciName() != null)
			decideAci.append(", access depends on attr value");
			String summaryStr = String.format(summaryFormatStr, srcStr, accessStatus,
			return String.format(summaryFormatStr, srcStr, accessStatus,
			right,evalCtx.getResourceDN().toString(),attrStr, user,
			accessReason, decideAci.toString());
			evalCtx.setEvalSummary(summaryStr);
			}

			private static String getEvalReason(EnumEvalReason evalReason)
			{
			if (evalReason == EnumEvalReason.EVALUATED_ALLOW_ACI)
			return EVALUATED_ALLOW;
			else if (evalReason == EnumEvalReason.EVALUATED_DENY_ACI)
			return EVALUATED_DENY;
			else if (evalReason == EnumEvalReason.NO_ALLOW_ACIS)
			return NO_ALLOWS;
			else if (evalReason == EnumEvalReason.NO_MATCHED_ALLOWS_ACIS)
			return NO_ALLOWS_MATCHED;
			else if (evalReason == EnumEvalReason.SKIP_ACI)
			return SKIP_ACI;
			return "";
			}

			private static StringBuilder getDecidingAci(EnumEvalReason evalReason,
			String decidingAciName)
			{
			StringBuilder decideAci = new StringBuilder();
			if (evalReason == EnumEvalReason.EVALUATED_ALLOW_ACI)
			{
			decideAci.append(", deciding_aci: ").append(decidingAciName);
			}
			else if (evalReason == EnumEvalReason.EVALUATED_DENY_ACI)
			{
			decideAci.append(", deciding_aci: ").append(decidingAciName);
			}
			return decideAci;
			}

			/**

			@@ -128,34 +128,11 @@
			*/
			private static void initStatics()
			{
			if ((aciType = DirectoryServer.getAttributeType("aci")) == null)
			{
			aciType = DirectoryServer.getDefaultAttributeType("aci");
			}
			aciType = getAttributeType("aci");
			globalAciType = getAttributeType(ATTR_AUTHZ_GLOBAL_ACI);
			debugSearchIndex = getAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX);
			refAttrType = getAttributeType(ATTR_REFERRAL_URL);

			if ((globalAciType =
			DirectoryServer.getAttributeType(ATTR_AUTHZ_GLOBAL_ACI)) == null)
			{
			globalAciType =
			DirectoryServer
			.getDefaultAttributeType(ATTR_AUTHZ_GLOBAL_ACI);
			}

			if ((debugSearchIndex =
			DirectoryServer
			.getAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX)) == null)
			{
			debugSearchIndex =
			DirectoryServer
			.getDefaultAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX);
			}

			if ((refAttrType =
			DirectoryServer.getAttributeType(ATTR_REFERRAL_URL)) == null)
			{
			refAttrType =
			DirectoryServer.getDefaultAttributeType(ATTR_REFERRAL_URL);
			}
			try
			{
			debugSearchIndexDN = DN.decode("cn=debugsearch");
			@@ -166,6 +143,16 @@
			}
			}

			private static AttributeType getAttributeType(String name)
			{
			AttributeType attrType = DirectoryServer.getAttributeType(name);
			if (attrType == null)
			{
			attrType = DirectoryServer.getDefaultAttributeType(name);
			}
			return attrType;
			}



			/**
			@@ -387,11 +374,7 @@
			baseName = toLowerCase(rawAttributeType);
			}

			AttributeType attributeType = DirectoryServer.getAttributeType(baseName);
			if (attributeType == null)
			{
			attributeType = DirectoryServer.getDefaultAttributeType(baseName);
			}
			AttributeType attributeType = getAttributeType(baseName);

			AttributeValue attributeValue =
			AttributeValues.create(attributeType, operation
			@@ -722,7 +705,8 @@
			// Build summary string if doing geteffectiverights eval.
			if (container.isGetEffectiveRightsEval())
			{
			AciEffectiveRights.createSummary(container, ret, "main");
			container.setEvalSummary(
			AciEffectiveRights.createSummary(container, ret));
			}
			return ret;
			}