opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/Aci.java
@@ -62,7 +62,7 @@ /* * The DN of the entry containing this ACI. */ private DN dn; private final DN dn; /** * Regular expression matching a word group. @@ -89,7 +89,7 @@ /** * Regular expression matching a white space at the end of a pattern. */ public static final String ZERO_OR_MORE_WHITESPACE_END_PATTERN = private static final String ZERO_OR_MORE_WHITESPACE_END_PATTERN = ZERO_OR_MORE_WHITESPACE + "$"; /** opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciBody.java
@@ -353,4 +353,13 @@ return ACI_EXPORT; return ACI_NULL; } /** * Return version string of the ACI. * * @return The ACI version string. */ public String getVersion () { return version; } } opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
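Review bot: `getVersion()` is added as `public` while the rest of this commit narrows visibility in the same package. If its only callers live in `org.opends.server.authorization.dseecompat` (they are not visible here), package-private would keep the ACI body's surface minimal. The Javadoc could also say where the value comes from, e.g. `Returns the version string parsed from the ACI body.`, assuming `version` is set during decoding, which this hunk does not show. Minor: drop the space in `getVersion ()`.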
@@ -84,18 +84,18 @@ /** * Attribute type corresponding to "aci" attribute. */ public static AttributeType aciType; static AttributeType aciType; /** * Attribute type corresponding to global "ds-cfg-global-aci" attribute. */ public static AttributeType globalAciType; static AttributeType globalAciType; /** * String used to save the original authorization entry in an operation * attachment if a proxied authorization control was seen. */ public static String ORIG_AUTH_ENTRY="origAuthorizationEntry"; public static final String ORIG_AUTH_ENTRY="origAuthorizationEntry"; /** * String used to save a resource entry containing all the attributes in @@ -103,21 +103,33 @@ * geteffectiverights read right processing when all of an entry'ss * attributes need to examined. */ public static String ALL_ATTRS_RESOURCE_ENTRY = "allAttrsResourceEntry"; public static final String ALL_ATTRS_RESOURCE_ENTRY = "allAttrsResourceEntry"; /** * String used to indicate that the evaluating ACI had a all user attributes * targetattr match (targetattr="*"). */ public static String ALL_USER_ATTRS_MATCHED = "allUserAttrsMatched"; public static final String ALL_USER_ATTRS_MATCHED = "allUserAttrsMatched"; /** * String used to indicate that the evaluating ACI had a all operational * attributes targetattr match (targetattr="+"). */ public static String ALL_OP_ATTRS_MATCHED = "allOpAttrsMatched"; public static final String ALL_OP_ATTRS_MATCHED = "allOpAttrsMatched"; static { if((aciType = DirectoryServer.getAttributeType("aci")) == null) { aciType = DirectoryServer.getDefaultAttributeType("aci"); } if((globalAciType = DirectoryServer.getAttributeType(ATTR_AUTHZ_GLOBAL_ACI)) == null) { globalAciType = DirectoryServer.getDefaultAttributeType(ATTR_AUTHZ_GLOBAL_ACI); } } /** * Creates a new DSEE-compatible access control handler. 
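Review bot: `aciType` and `globalAciType` are resolved once in the new static initializer but stay non-final, package-writable statics, so any class in the package can still reassign the attribute type the handler uses to recognise ACI values. Moving the lookup out of the constructor (removed in a later hunk of this file) also ties it to class-load time. If the class can be touched before the schema defines `aci`, the default attribute type would be kept for the life of the JVM; the load order is not visible here and needs confirming. If nothing else assigns these fields, resolving them through a private static helper lets both be `static final`, and a comment on the initializer should state the ordering assumption.

```java
static final AttributeType aciType = resolveType("aci");
static final AttributeType globalAciType =
    resolveType(ATTR_AUTHZ_GLOBAL_ACI);

// Falls back to a default attribute type when the schema does not
// define the name; assumes the schema is available at class-load time.
private static AttributeType resolveType(String name) {
  AttributeType type = DirectoryServer.getAttributeType(name);
  return (type != null) ? type
                        : DirectoryServer.getDefaultAttributeType(name);
}
```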
@@ -141,18 +153,6 @@ DN configurationDN=configuration.dn(); aciList = new AciList(configurationDN); aciListenerMgr = new AciListenerManager(aciList, configurationDN); if((aciType = DirectoryServer.getAttributeType("aci")) == null) { aciType = DirectoryServer.getDefaultAttributeType("aci"); } if((globalAciType = DirectoryServer.getAttributeType(ATTR_AUTHZ_GLOBAL_ACI)) == null) { globalAciType = DirectoryServer.getDefaultAttributeType(ATTR_AUTHZ_GLOBAL_ACI); } processGlobalAcis(configuration); processConfigAcis(); } @@ -519,7 +519,7 @@ * @return True if access checking can be skipped because * the operation client connection has BYPASS_ACL privileges. */ boolean skipAccessCheck(Operation operation) { private boolean skipAccessCheck(Operation operation) { return operation.getClientConnection(). hasPrivilege(Privilege.BYPASS_ACL, operation); } opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciList.java
@@ -233,7 +233,6 @@ if(dn == DN.nullDN()) { msgDN=configDN; } String t=value.getValue().toString(); String message = getMessage(msgID, value.getValue().toString(), String.valueOf(msgDN), ex.getMessage()); opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciTargets.java
@@ -157,7 +157,7 @@ * the ACI and check if the resource entry is a descendant of that. * @return The ACI target class. */ public Target getTarget() { private Target getTarget() { return target; } opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AuthMethod.java
@@ -58,6 +58,8 @@ * Create a class representing an authmethod bind rule keyword from the * provided method and bind rule type. * @param type An enumeration representing the type of the expression. * @param saslMech The string representation of the SASL Mechanism. * @param method An Enumeration of the authentication method. */ private AuthMethod(EnumAuthMethod method, String saslMech, EnumBindRuleType type) { opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/BindRule.java
@@ -486,7 +486,7 @@ EnumBindRuleKeyword keyword, EnumBindRuleType op) throws AciException { KeywordBindRule rule=null; KeywordBindRule rule ; switch (keyword) { case USERDN: { opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/ParentInheritance.java
@@ -55,13 +55,13 @@ /* * Pattern to match for parent inheritance. */ private String parentPat="parent["; private final String parentPat="parent["; /* * Array used to hold the level information. Each slot corresponds to a * level parsed from the rule. */ private int[] levels=new int[MAX_LEVELS]; private final int[] levels=new int[MAX_LEVELS]; /* * The number of levels parsed. @@ -200,7 +200,7 @@ if(attrs.size() != 1) { int msgID = MSGID_ACI_SYNTAX_INVALID_USERATTR_ATTR_URL; String message = getMessage(msgID, pattern); throw new AciException(msgID, pattern); throw new AciException(msgID, message); } baseDN=url.getBaseDN(); if(baseDN.isNullDN()){ @@ -237,7 +237,9 @@ * @return Return an array of levels. */ public int[] getLevels() { return levels; int[] levelsCopy = new int[levels.length]; System.arraycopy(levels, 0, levelsCopy, 0, levels.length); return levelsCopy; } /** opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/TargAttrFilters.java
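Review bot: The defensive copy in `getLevels()` returns all `MAX_LEVELS` slots, including those past the number of levels actually parsed, so callers presumably still have to bound iteration with the separate level count. The Javadoc should say so, e.g. `@return A copy of the levels array; only the entries up to the number of parsed levels are meaningful.` The three-line copy can be written as `return levels.clone();`. Separately, in the first hunk `parentPat` is a per-instance `final` constant and could be `private static final`.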
@@ -326,7 +326,6 @@ return true; LinkedHashMap<AttributeType, SearchFilter> filterList = attrFilterList.getAttributeTypeFilterList(); Iterator<AttributeType> iterator=filterList.keySet().iterator(); boolean attrMatched=true; //Get the resource entry. Entry resEntry=matchCtx.getResourceEntry(); @@ -334,9 +333,9 @@ //the resource entry to see if it has that attribute type. If not //go to the next attribute type. If it is found, then check the entries //attribute type values against the filter. for(;iterator.hasNext() && attrMatched;) { AttributeType attrType=iterator.next(); SearchFilter f=filterList.get(attrType); for(Map.Entry<AttributeType, SearchFilter> e : filterList.entrySet()) { AttributeType attrType=e.getKey(); SearchFilter f=e.getValue(); //Found a match in the entry, iterate over each attribute //type in the entry and check its values agaist the filter. if(resEntry.hasAttribute(attrType)) { @@ -347,6 +346,8 @@ attrMatched=matchFilterAttributeValues(a, attrType, f); } } if(!attrMatched) break; } if(op.equals(EnumTargetOperator.NOT_EQUALITY)) attrMatched = !attrMatched;
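Review bot: The rewritten loop uses `Map.Entry`, so the file needs `java.util.Map` imported; the import block is outside this hunk, and `Iterator` may now be unused. The early exit also moved from the loop condition to an unbraced `if(!attrMatched) break;` at the end of the body. Because the result is then inverted for `NOT_EQUALITY` and feeds an access decision, brace it and state why the loop stops: `if(!attrMatched) { break; } // first non-matching attribute type decides`. The enclosing method starts and ends outside the hunk.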