From 209fae2c6e76f3f1f65d4226ce3e9735fd190a24 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Sun, 29 Jul 2007 21:30:06 +0000
Subject: [PATCH] Implement support for restricting the set of tasks that can be invoked in the server.  A new configuration attribute, ds-cfg-allowed-task, is now available in the cn=config entry, and any attempt to invoke a task whose fully-qualified class name is not included in this attribute will be rejected.

---
 opendj-sdk/opends/src/server/org/opends/server/backends/task/TaskScheduler.java |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/opendj-sdk/opends/src/server/org/opends/server/backends/task/TaskScheduler.java b/opendj-sdk/opends/src/server/org/opends/server/backends/task/TaskScheduler.java
index bcd30ef..2fd6d42 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/backends/task/TaskScheduler.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/backends/task/TaskScheduler.java
@@ -1829,6 +1829,13 @@
     }
 
     String taskClassName = value.getStringValue();
+    if (! DirectoryServer.getAllowedTasks().contains(taskClassName))
+    {
+      int    msgID   = MSGID_TASKSCHED_NOT_ALLOWED_TASK;
+      String message = getMessage(msgID, taskClassName);
+      throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, message,
+                                   msgID);
+    }
 
 
     // Try to load the specified class.

--
Gitblit v1.10.0