From f3612b1aa023f12906a71cb12c6ca1cae12aa5dd Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Fri, 22 Mar 2013 13:01:05 +0000
Subject: [PATCH] Partial fix for OPENDJ-694: Implement HTTP BASIC authentication

---
 opendj3/opendj-rest2ldap/src/main/java/org/forgerock/opendj/rest2ldap/Rest2LDAP.java |   35 +++++++++++++++++++++++++++++------
 1 files changed, 29 insertions(+), 6 deletions(-)

diff --git a/opendj3/opendj-rest2ldap/src/main/java/org/forgerock/opendj/rest2ldap/Rest2LDAP.java b/opendj3/opendj-rest2ldap/src/main/java/org/forgerock/opendj/rest2ldap/Rest2LDAP.java
index b69da29..9a7bed6 100644
--- a/opendj3/opendj-rest2ldap/src/main/java/org/forgerock/opendj/rest2ldap/Rest2LDAP.java
+++ b/opendj3/opendj-rest2ldap/src/main/java/org/forgerock/opendj/rest2ldap/Rest2LDAP.java
@@ -71,6 +71,7 @@
         private ConnectionFactory factory;
         private MVCCStrategy mvccStrategy;
         private NameStrategy nameStrategy;
+        private AuthorizationPolicy authzPolicy = AuthorizationPolicy.NONE;
         private AuthzIdTemplate proxiedAuthzTemplate;
         private ReadOnUpdatePolicy readOnUpdatePolicy = CONTROLS;
         private AttributeMapper rootMapper;
@@ -105,13 +106,30 @@
             if (rootMapper == null) {
                 throw new IllegalStateException("No mappings provided");
             }
-            if (proxiedAuthzTemplate != null && factory == null) {
-                throw new IllegalStateException(
-                        "No connection factory specified for use with proxied authorization");
+            switch (authzPolicy) {
+            case NONE:
+                if (factory == null) {
+                    throw new IllegalStateException(
+                            "A connection factory must be specified when the authorization policy is 'none'");
+                }
+                break;
+            case PROXY:
+                if (proxiedAuthzTemplate == null) {
+                    throw new IllegalStateException(
+                            "Proxied authorization enabled but no template defined");
+                }
+                if (factory == null) {
+                    throw new IllegalStateException(
+                            "A connection factory must be specified when using proxied authorization");
+                }
+                break;
+            case REUSE:
+                // This is always ok.
+                break;
             }
             return new LDAPCollectionResourceProvider(baseDN, rootMapper, nameStrategy,
-                    mvccStrategy, new Config(factory, readOnUpdatePolicy, proxiedAuthzTemplate,
-                            schema), additionalLDAPAttributes);
+                    mvccStrategy, new Config(factory, readOnUpdatePolicy, authzPolicy,
+                            proxiedAuthzTemplate, schema), additionalLDAPAttributes);
         }
 
         /**
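Review bot: The new switch checks only what the selected policy itself needs, so a builder with a proxy template set while `authzPolicy` is still the default `NONE` (or `REUSE`) passes `build()` without complaint. How `Config` uses the template is not visible here, but if it is consulted only under `PROXY`, requests would presumably run under the connection factory's identity rather than the per-user authorization ID the caller meant to configure. Consider failing closed in the `NONE` and `REUSE` arms, e.g. `if (proxiedAuthzTemplate != null) { throw new IllegalStateException("Proxied authorization template set but policy is not 'proxy'"); }`. The switch also has no `default` arm, so a policy constant added later would skip validation silently; `default: throw new IllegalStateException("Unsupported authorization policy: " + authzPolicy);` would catch that. The enclosing method starts before this hunk.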
@@ -302,7 +320,12 @@
             return useEtagAttribute(ad(attribute));
         }
 
-        public Builder useProxiedAuthorization(final String template) {
+        public Builder authorizationPolicy(final AuthorizationPolicy policy) {
+            this.authzPolicy = ensureNotNull(policy);
+            return this;
+        }
+
+        public Builder proxyAuthzIdTemplate(final String template) {
             this.proxiedAuthzTemplate = template != null ? new AuthzIdTemplate(template) : null;
             return this;
         }
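Review bot: `authorizationPolicy` and `proxyAuthzIdTemplate` are public builder methods with no Javadoc, and the rename from `useProxiedAuthorization` no longer tells the caller that a second call is needed to select the policy. On `authorizationPolicy` I would add a comment stating that the policy defaults to `NONE` and that a null argument is rejected by `ensureNotNull`. On `proxyAuthzIdTemplate` something like `/** Sets the authorization ID template; build() requires it only when the policy is PROXY, and passing null clears it. */` would make the coupling between the two setters explicit.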

--
Gitblit v1.10.0