From 6be8310638b2d2150c9a2af17d84a15e3759e5f1 Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Fri, 22 Jul 2011 09:40:38 +0000
Subject: [PATCH] Fix OPENDJ-241: Unexpected authorization failure when using the assertion control with internal root connections

---
 opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java |   13 ++++++++++---
 1 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java b/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
index ccae97b..d5c3865 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
@@ -534,11 +534,18 @@
    */
   @Override
   public boolean isAllowed(Operation operation, Entry entry,
-    SearchFilter filter) throws DirectoryException
+      SearchFilter filter) throws DirectoryException
   {
-    AciLDAPOperationContainer operationContainer =
+    if (skipAccessCheck(operation))
+    {
+      return true;
+    }
+    else
+    {
+      AciLDAPOperationContainer operationContainer =
         new AciLDAPOperationContainer(operation, (ACI_READ), entry);
-    return testFilter(operationContainer, filter);
+      return testFilter(operationContainer, filter);
+    }
   }
 
 

--
Gitblit v1.10.0