From 5067760c866efc66b933457bd399affa47c9e9a4 Mon Sep 17 00:00:00 2001
From: matthew_swift <matthew_swift@localhost>
Date: Fri, 24 Apr 2009 12:52:54 +0000
Subject: [PATCH] Fix issue 3928: Wrong error message sent to access log (while correct one is in error log)
---
opends/src/server/org/opends/server/api/AccessControlHandler.java | 76 +++++++++++++++++++++++++++++++++-----
1 files changed, 66 insertions(+), 10 deletions(-)
diff --git a/opends/src/server/org/opends/server/api/AccessControlHandler.java b/opends/src/server/org/opends/server/api/AccessControlHandler.java
index e7d6578..ccb590a 100644
--- a/opends/src/server/org/opends/server/api/AccessControlHandler.java
+++ b/opends/src/server/org/opends/server/api/AccessControlHandler.java
@@ -129,9 +129,15 @@
* The operation for which to make the determination.
* @return {@code true} if the operation should be allowed by the
* access control configuration, or {@code false} if not.
+ * @throws DirectoryException
+ * If an error occurred while performing the access
+ * control check. For example, if an attribute could not
+ * be decoded. Care must be taken not to expose any
+ * potentially sensitive information in the exception.
*/
public abstract boolean isAllowed(
- LocalBackendAddOperation addOperation);
+ LocalBackendAddOperation addOperation)
+ throws DirectoryException;
@@ -148,9 +154,17 @@
* The control for which to make the determination.
* @return {@code true} if the control should be allowed by the
* access control configuration, or {@code false} if not.
+ * @throws DirectoryException
+ * If an error occurred while performing the access
+ * control check. For example, if an attribute could not
+ * be decoded. Care must be taken not to expose any
+ * potentially sensitive information in the exception.
*/
- public abstract boolean isAllowed(DN dn, Operation op,
- Control control);
+ public abstract boolean isAllowed(
+ DN dn,
+ Operation op,
+ Control control)
+ throws DirectoryException;
@@ -163,9 +177,15 @@
* The operation for which to make the determination.
* @return {@code true} if the operation should be allowed by the
* access control configuration, or {@code false} if not.
+ * @throws DirectoryException
+ * If an error occurred while performing the access
+ * control check. For example, if an attribute could not
+ * be decoded. Care must be taken not to expose any
+ * potentially sensitive information in the exception.
*/
public abstract boolean isAllowed(
- LocalBackendBindOperation bindOperation);
+ LocalBackendBindOperation bindOperation)
+ throws DirectoryException;
@@ -178,9 +198,15 @@
* The operation for which to make the determination.
* @return {@code true} if the operation should be allowed by the
* access control configuration, or {@code false} if not.
+ * @throws DirectoryException
+ * If an error occurred while performing the access
+ * control check. For example, if an attribute could not
+ * be decoded. Care must be taken not to expose any
+ * potentially sensitive information in the exception.
*/
public abstract boolean isAllowed(
- LocalBackendCompareOperation compareOperation);
+ LocalBackendCompareOperation compareOperation)
+ throws DirectoryException;
@@ -193,9 +219,15 @@
* The operation for which to make the determination.
* @return {@code true} if the operation should be allowed by the
* access control configuration, or {@code false} if not.
+ * @throws DirectoryException
+ * If an error occurred while performing the access
+ * control check. For example, if an attribute could not
+ * be decoded. Care must be taken not to expose any
+ * potentially sensitive information in the exception.
*/
public abstract boolean isAllowed(
- LocalBackendDeleteOperation deleteOperation);
+ LocalBackendDeleteOperation deleteOperation)
+ throws DirectoryException;
@@ -208,9 +240,15 @@
* The operation for which to make the determination.
* @return {@code true} if the operation should be allowed by the
* access control configuration, or {@code false} if not.
+ * @throws DirectoryException
+ * If an error occurred while performing the access
+ * control check. For example, if an attribute could not
+ * be decoded. Care must be taken not to expose any
+ * potentially sensitive information in the exception.
*/
public abstract boolean isAllowed(
- ExtendedOperation extendedOperation);
+ ExtendedOperation extendedOperation)
+ throws DirectoryException;
@@ -223,9 +261,15 @@
* The operation for which to make the determination.
* @return {@code true} if the operation should be allowed by the
* access control configuration, or {@code false} if not.
+ * @throws DirectoryException
+ * If an error occurred while performing the access
+ * control check. For example, if an attribute could not
+ * be decoded. Care must be taken not to expose any
+ * potentially sensitive information in the exception.
*/
public abstract boolean isAllowed(
- LocalBackendModifyOperation modifyOperation);
+ LocalBackendModifyOperation modifyOperation)
+ throws DirectoryException;
@@ -238,9 +282,15 @@
* The operation for which to make the determination.
* @return {@code true} if the operation should be allowed by the
* access control configuration, or {@code false} if not.
+ * @throws DirectoryException
+ * If an error occurred while performing the access
+ * control check. For example, if an attribute could not
+ * be decoded. Care must be taken not to expose any
+ * potentially sensitive information in the exception.
*/
public abstract boolean isAllowed(
- LocalBackendModifyDNOperation modifyDNOperation);
+ LocalBackendModifyDNOperation modifyDNOperation)
+ throws DirectoryException;
@@ -256,9 +306,15 @@
* The operation for which to make the determination.
* @return {@code true} if the operation should be allowed by the
* access control configuration, or {@code false} if not.
+ * @throws DirectoryException
+ * If an error occurred while performing the access
+ * control check. For example, if an attribute could not
+ * be decoded. Care must be taken not to expose any
+ * potentially sensitive information in the exception.
*/
public abstract boolean isAllowed(
- LocalBackendSearchOperation searchOperation);
+ LocalBackendSearchOperation searchOperation)
+ throws DirectoryException;
--
Gitblit v1.10.0