From 73c6ebc2c7569aa0dd072dfa24d149ceed9cca16 Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Mon, 05 Mar 2012 22:21:25 +0000
Subject: [PATCH] Fix for OPENDJ-433:  Every other permissions-subjects pair in ACI is ignored

---
 opends/src/server/org/opends/server/authorization/dseecompat/AciBody.java |   18 +++++++++++++++---
 1 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/AciBody.java b/opends/src/server/org/opends/server/authorization/dseecompat/AciBody.java
index 27dca71..25b6647 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/AciBody.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/AciBody.java
@@ -23,6 +23,7 @@
  *
  *
  *      Copyright 2008-2009 Sun Microsystems, Inc.
+ *      Portions copyright 2012 ForgeRock AS.
  */
 
 package org.opends.server.authorization.dseecompat;
@@ -137,7 +138,7 @@
         "\\(" + ZERO_OR_MORE_WHITESPACE + versionToken +
         ZERO_OR_MORE_WHITESPACE + versionRegex +
         ACI_STATEMENT_SEPARATOR + aclToken + ZERO_OR_MORE_WHITESPACE +
-        "\"(.*)\"" + ACI_STATEMENT_SEPARATOR + actionRegex +
+        "\"([^\"]*)\"" + ACI_STATEMENT_SEPARATOR + actionRegex +
         ZERO_OR_MORE_WHITESPACE  + "\\)";
 
     /*
@@ -191,20 +192,31 @@
                 throw new AciException(message);
             }
             name = bodyMatcher.group(NAME);
+            input = input.substring(bodyMatcher.end());
         }
-        Pattern bodyPattern1 = Pattern.compile(
-                ACI_STATEMENT_SEPARATOR + actionRegex);
+
+        Pattern bodyPattern1 = Pattern.compile("\\G" + actionRegex);
         Matcher bodyMatcher1 = bodyPattern1.matcher(input);
+
         /*
          * The may be many permission-bind rule pairs.
          */
+        int lastIndex = -1;
         while(bodyMatcher1.find()) {
          String perm=bodyMatcher1.group(PERM);
          String rights=bodyMatcher1.group(RIGHTS);
          String bRule=bodyMatcher1.group(BINDRULE);
          PermBindRulePair pair = PermBindRulePair.decode(perm, rights, bRule);
          permBindRulePairs.add(pair);
+         lastIndex = bodyMatcher1.end();
         }
+
+        if (lastIndex >= 0 && input.charAt(lastIndex) != ')')
+        {
+          Message message = WARN_ACI_SYNTAX_GENERAL_PARSE_FAILED.get(input);
+          throw new AciException(message);
+        }
+
         return new AciBody(version, name, startPos, permBindRulePairs);
     }
 

--
Gitblit v1.10.0