From 725b43b24f96156a11494237333cc23cf7cb8c30 Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Fri, 22 Jul 2011 09:40:38 +0000
Subject: [PATCH] Fix OPENDJ-241: Unexpected authorization failure when using the assertion control with internal root connections

---
 opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java |   13 ++++++++++---
 1 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
index ccae97b..d5c3865 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
@@ -534,11 +534,18 @@
    */
   @Override
   public boolean isAllowed(Operation operation, Entry entry,
-    SearchFilter filter) throws DirectoryException
+      SearchFilter filter) throws DirectoryException
   {
-    AciLDAPOperationContainer operationContainer =
+    if (skipAccessCheck(operation))
+    {
+      return true;
+    }
+    else
+    {
+      AciLDAPOperationContainer operationContainer =
         new AciLDAPOperationContainer(operation, (ACI_READ), entry);
-    return testFilter(operationContainer, filter);
+      return testFilter(operationContainer, filter);
+    }
   }
 
 

--
Gitblit v1.10.0