From 9e9d53db8853ebf62a6e579c2ec9915bcce00ad1 Mon Sep 17 00:00:00 2001
From: coulbeck <coulbeck@localhost>
Date: Mon, 26 Mar 2007 19:34:02 +0000
Subject: [PATCH] These refactoring changes move the ACI DN pattern matching into a separate class called PatternDN. This will make it easier to rewrite the pattern matching to actually fix the related TODOs. I have also added unit tests for the DN wildcard examples in the DSEE documentation (three of which fail and are commented out for the time being).
---
opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/UserDN.java | 52 +++++++---------------------------------------------
1 files changed, 7 insertions(+), 45 deletions(-)
diff --git a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/UserDN.java b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/UserDN.java
index c39a1d6..5b1028a 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/UserDN.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/UserDN.java
@@ -32,7 +32,6 @@
import java.util.*;
import org.opends.server.types.*;
-import org.opends.server.core.DirectoryServer;
/**
* This class represents the userdn keyword in a bind rule.
@@ -54,11 +53,6 @@
*/
private EnumBindRuleType type=null;
- /*
- * Used to evaluate a userdn that has a pattern (wild-card).
- */
- private AttributeType userDNAttrType;
-
/**
* Constructor that creates the userdn class. It also sets up an attribute
* type ("userdn") needed for wild-card matching.
@@ -69,9 +63,6 @@
private UserDN(EnumBindRuleType type, List<UserDNTypeURL> urlList) {
this.type=type;
this.urlList=urlList;
- userDNAttrType = DirectoryServer.getAttributeType("userdn");
- if (userDNAttrType == null)
- userDNAttrType = DirectoryServer.getDefaultAttributeType("userdn");
}
/**
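Review bot: The constructor Javadoc is now stale: it still says the constructor "also sets up an attribute type ("userdn") needed for wild-card matching", but the lines removed in this hunk were the only code that did so. Suggest shortening it to `Constructor that creates the userdn class.` so the comment matches the code. The Javadoc begins before this hunk, in the tail of the previous one.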
@@ -267,51 +258,22 @@
return matched;
}
- /*
- * TODO Evaluate making this more efficient.
- *
- * The evalDNPattern() method looks like it suffers from the
- * same problem as the matchesPattern() method in the Target
- * class. Creating a dummy entry and attempting to do substring
- * matching on a DN is a pretty expensive and error-prone approach.
- * Using a regular expression would likely be much more efficient and
- * should be simpler.
- */
/**
- * This method evaluates a DN pattern userdn expression. It creates a
- * dummy entry and a substring filter and applies the filter to the
- * entry.
+ * This method evaluates a DN pattern userdn expression.
* @param evalCtx The evaluation context to use.
* @param url The LDAP URL containing the pattern.
* @return An enumeration evaluation result.
*/
private EnumEvalResult evalDNPattern(AciEvalContext evalCtx, LDAPURL url) {
- boolean rc;
- EnumEvalResult ret=EnumEvalResult.TRUE;
- String urlDN;
- SearchFilter filter;
+ PatternDN pattern;
try {
- urlDN=url.getBaseDN().toNormalizedString();
- String pattern="userdn="+urlDN;
- filter=SearchFilter.createFilterFromString(pattern);
+ pattern = PatternDN.decode(url.getRawBaseDN());
} catch (DirectoryException ex) {
- return EnumEvalResult.FALSE;
+ return EnumEvalResult.FALSE;
}
- LinkedHashSet<AttributeValue> vals =
- new LinkedHashSet<AttributeValue>();
- String userDNStr=evalCtx.getClientDN().toNormalizedString();
- vals.add(new AttributeValue(userDNAttrType, userDNStr));
- Attribute attr = new Attribute(userDNAttrType, "userdn", vals);
- Entry e = new Entry(DN.nullDN(), null, null, null);
- e.addAttribute(attr,new ArrayList<AttributeValue>());
- try {
- rc=filter.matchesEntry(e);
- } catch (DirectoryException ex) {
- return EnumEvalResult.FALSE;
- }
- if(!rc)
- ret=EnumEvalResult.FALSE;
- return ret;
+
+ return pattern.matchesDN(evalCtx.getClientDN()) ?
+ EnumEvalResult.TRUE : EnumEvalResult.FALSE;
}
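Review bot: The `catch (DirectoryException ex)` in the new `evalDNPattern` still turns an undecodable pattern into a silent `EnumEvalResult.FALSE`, and the pattern is decoded on every evaluation rather than once when the bind rule is parsed. For an access-control decision this means a malformed `userdn` pattern is never reported, and if the caller inverts the result for a negated bind rule (the `type` field suggests it can), the failure could read as a match. Consider decoding in the code that builds the `UserDN`, so a bad pattern is rejected when the ACI is added, or at least record the intent with a comment such as `// Undecodable pattern: treat as no match; callers must not negate this into a grant.` Also, the pattern now comes from `url.getRawBaseDN()` where the old code used the normalized string, so matching is insensitive to case and spacing only if `PatternDN.decode` normalizes the value itself, which is not visible here.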
--
Gitblit v1.10.0