From da62427f3da608acc65cea059cff0232d7980727 Mon Sep 17 00:00:00 2001
From: Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Thu, 04 Dec 2014 17:02:39 +0000
Subject: [PATCH] OPENDJ-1602 (CR-5566) New pluggable storage based backend
---
opendj3-server-dev/src/server/org/opends/server/authorization/dseecompat/AciHandler.java | 150 +++++++++++--------------------------------------
1 files changed, 35 insertions(+), 115 deletions(-)
diff --git a/opendj3-server-dev/src/server/org/opends/server/authorization/dseecompat/AciHandler.java b/opendj3-server-dev/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
index 063e5b7..b89d0f7 100644
--- a/opendj3-server-dev/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
+++ b/opendj3-server-dev/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
@@ -43,7 +43,7 @@
import org.opends.server.api.AccessControlHandler;
import org.opends.server.api.ClientConnection;
import org.opends.server.api.ConfigHandler;
-import org.opends.server.backends.jeb.EntryContainer;
+import org.opends.server.backends.pluggable.SuffixContainer;
import org.opends.server.controls.GetEffectiveRightsRequestControl;
import org.opends.server.core.*;
import org.opends.server.protocols.internal.InternalClientConnection;
@@ -64,8 +64,7 @@
import static org.opends.server.util.StaticUtils.*;
/**
- * The AciHandler class performs the main processing for the dseecompat
- * package.
+ * The AciHandler class performs the main processing for the dseecompat package.
*/
public final class AciHandler extends
AccessControlHandler<DseeCompatAccessControlHandlerCfg>
@@ -80,8 +79,7 @@
* String used to indicate that the evaluating ACI had a all user
* attributes targetattr match (targetattr="*").
*/
- public static final String ALL_USER_ATTRS_MATCHED =
- "allUserAttrsMatched";
+ public static final String ALL_USER_ATTRS_MATCHED = "allUserAttrsMatched";
/**
* String used to save the original authorization entry in an
@@ -89,25 +87,16 @@
*/
public static final String ORIG_AUTH_ENTRY = "origAuthorizationEntry";
- /**
- * Attribute type corresponding to "aci" attribute.
- */
+ /** Attribute type corresponding to "aci" attribute. */
static AttributeType aciType;
- /**
- * Attribute type corresponding to global "ds-cfg-global-aci"
- * attribute.
- */
+ /** Attribute type corresponding to global "ds-cfg-global-aci" attribute. */
static AttributeType globalAciType;
- /**
- * Attribute type corresponding to "debugsearchindex" attribute.
- */
+ /** Attribute type corresponding to "debugsearchindex" attribute. */
private static AttributeType debugSearchIndex;
- /**
- * DN corresponding to "debugsearchindex" attribute type.
- */
+ /** DN corresponding to "debugsearchindex" attribute type. */
private static DN debugSearchIndexDN;
/**
@@ -132,7 +121,7 @@
{
aciType = getAttributeType("aci");
globalAciType = getAttributeType(ATTR_AUTHZ_GLOBAL_ACI);
- debugSearchIndex = getAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX);
+ debugSearchIndex = getAttributeType(SuffixContainer.ATTR_DEBUG_SEARCH_INDEX);
refAttrType = getAttributeType(ATTR_REFERRAL_URL);
try
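Review bot: Nothing visible in this patch shows that `SuffixContainer.ATTR_DEBUG_SEARCH_INDEX` has the same value as the `EntryContainer` constant it replaces in the `debugSearchIndex = getAttributeType(...)` assignment (the matching import swap is in the first hunk). The access-control handler presumably treats this attribute specially, so a differing name would silently stop that handling from matching. The field's Javadoc names the attribute "debugsearchindex"; confirm both constants resolve to that string, or have the JE `EntryContainer` constant refer to the `SuffixContainer` one so they cannot drift. A comment above the assignment such as `// Attribute name must be identical across all backend implementations.` would record the dependency. The static initializer continues outside the hunk.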
@@ -157,35 +146,23 @@
- /**
- * The list that holds that ACIs keyed by the DN of the entry holding
- * the ACI.
- */
+ /** The list that holds that ACIs keyed by the DN of the entry holding the ACI. */
private AciList aciList;
/**
* The listener that handles ACI changes caused by LDAP operations,
- * ACI decode failure alert logging and backend initialization ACI
- * list adjustment.
+ * ACI decode failure alert logging and backend initialization ACI list adjustment.
*/
private AciListenerManager aciListenerMgr;
-
-
- /**
- * Creates a new DSEE-compatible access control handler.
- */
+ /** Creates a new DSEE-compatible access control handler. */
public AciHandler()
{
// No implementation required. All initialization should be done in
// the intializeAccessControlHandler method.
}
-
-
- /**
- * {@inheritDoc}
- */
+ /** {@inheritDoc} */
@Override
public void filterEntry(Operation operation,
SearchResultEntry unfilteredEntry, SearchResultEntry filteredEntry)
@@ -211,12 +188,8 @@
}
}
-
-
- /**
- * {@inheritDoc}
- */
- @Override()
+ /** {@inheritDoc} */
+ @Override
public void finalizeAccessControlHandler()
{
aciListenerMgr.finalizeListenerManager();
@@ -224,12 +197,8 @@
DirectoryServer.deregisterSupportedControl(OID_GET_EFFECTIVE_RIGHTS);
}
-
-
- /**
- * {@inheritDoc}
- */
- @Override()
+ /** {@inheritDoc} */
+ @Override
public void initializeAccessControlHandler(
DseeCompatAccessControlHandlerCfg configuration)
throws ConfigException, InitializationException
@@ -243,11 +212,7 @@
DirectoryServer.registerSupportedControl(OID_GET_EFFECTIVE_RIGHTS);
}
-
-
- /**
- * {@inheritDoc}
- */
+ /** {@inheritDoc} */
@Override
public boolean isAllowed(DN entryDN, Operation op, Control control)
throws DirectoryException
@@ -286,11 +251,7 @@
return true;
}
-
-
- /**
- * {@inheritDoc}
- */
+ /** {@inheritDoc} */
@Override
public boolean isAllowed(ExtendedOperation operation)
{
@@ -305,33 +266,19 @@
return accessAllowed(container);
}
-
-
- /**
- * {@inheritDoc}
- */
+ /** {@inheritDoc} */
@Override
public boolean isAllowed(LocalBackendAddOperation operation)
throws DirectoryException
{
- AciContainer container =
- new AciLDAPOperationContainer(operation, ACI_ADD);
- if (!isAllowed(container, operation))
- {
- return false;
- }
-
- // LDAP add needs a verify ACI syntax step in case any
- // "aci" attribute types are being added.
- return verifySyntax(operation.getEntryToAdd(), operation, container
- .getClientDN());
+ AciContainer container = new AciLDAPOperationContainer(operation, ACI_ADD);
+ return isAllowed(container, operation)
+ // LDAP add needs a verify ACI syntax step in case any
+ // "aci" attribute types are being added.
+ && verifySyntax(operation.getEntryToAdd(), operation, container.getClientDN());
}
-
-
- /**
- * {@inheritDoc}
- */
+ /** {@inheritDoc} */
@Override
public boolean isAllowed(BindOperation bindOperation)
{
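Review bot: In the rewritten `isAllowed(LocalBackendAddOperation)`, the `&&` ordering is what keeps `verifySyntax` from running on a request the ACI check has already denied, and the explanatory comment now sits between the two operands where a later edit can easily drop or misplace it. Moving it above the `return` and stating the ordering would make that explicit, e.g. `// Access check first; only then verify ACI syntax in case any "aci" attribute types are being added.` The short-circuit form behaves the same as the removed early-return version. The hunk ends inside the following `isAllowed(BindOperation)`, whose body is outside the hunk.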
@@ -428,9 +375,8 @@
// original entry DN has export access.
if (rdnChangesAllowed && newSuperiorDN != null)
{
- AciContainer container =
- new AciLDAPOperationContainer(operation, ACI_EXPORT, operation
- .getOriginalEntry());
+ AciContainer container = new AciLDAPOperationContainer(
+ operation, ACI_EXPORT, operation.getOriginalEntry());
if (!oldRDN.equals(newRDN))
{
// The RDNs are not equal, skip the proxy check since it was
@@ -442,11 +388,7 @@
return rdnChangesAllowed;
}
-
-
- /**
- * {@inheritDoc}
- */
+ /** {@inheritDoc} */
@Override
public boolean isAllowed(LocalBackendModifyOperation operation)
throws DirectoryException
@@ -455,11 +397,7 @@
return aciCheckMods(container, operation, skipAccessCheck(operation));
}
-
-
- /**
- * {@inheritDoc}
- */
+ /** {@inheritDoc} */
@Override
public boolean isAllowed(SearchOperation searchOperation)
{
@@ -467,11 +405,7 @@
return true;
}
-
-
- /**
- * {@inheritDoc}
- */
+ /** {@inheritDoc} */
@Override
public boolean isAllowed(Operation operation, Entry entry,
SearchFilter filter) throws DirectoryException
@@ -486,14 +420,9 @@
return testFilter(container, filter);
}
-
-
- /**
- * {@inheritDoc}
- */
+ /** {@inheritDoc} */
@Override
- public boolean mayProxy(Entry proxyUser, Entry proxiedUser,
- Operation op)
+ public boolean mayProxy(Entry proxyUser, Entry proxiedUser, Operation op)
{
if (skipAccessCheck(proxyUser))
{
@@ -508,14 +437,9 @@
return accessAllowedEntry(container);
}
-
-
- /**
- * {@inheritDoc}
- */
+ /** {@inheritDoc} */
@Override
- public boolean maySend(DN dn, Operation operation,
- SearchResultReference reference)
+ public boolean maySend(DN dn, Operation operation, SearchResultReference reference)
{
if (skipAccessCheck(operation))
{
@@ -541,11 +465,7 @@
return accessAllowed(container);
}
-
-
- /**
- * {@inheritDoc}
- */
+ /** {@inheritDoc} */
@Override
public boolean maySend(Operation operation, SearchResultEntry entry)
{
--
Gitblit v1.10.0