From 959c9ded0c297d00500678a0c80d7d6d8a5265fe Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Tue, 10 Jul 2007 16:03:42 +0000
Subject: [PATCH] Fix a set of problems with the configuration interface in which there were a number of cases in which insufficient validation was performed. In particular, if a new configuration object was added over protocol or an existing configuration object was changed from disabled to enabled, then the server would only perform generic validation for that component and would not have any way to perform more detailed validation that could detect larger numbers of problems.
---
opends/src/server/org/opends/server/core/AccessControlConfigManager.java | 50 ++++++++++++++++++++++++++++++++++++++++++--------
1 files changed, 42 insertions(+), 8 deletions(-)
diff --git a/opends/src/server/org/opends/server/core/AccessControlConfigManager.java b/opends/src/server/org/opends/server/core/AccessControlConfigManager.java
index 6f68139..32948f5 100644
--- a/opends/src/server/org/opends/server/core/AccessControlConfigManager.java
+++ b/opends/src/server/org/opends/server/core/AccessControlConfigManager.java
@@ -37,6 +37,7 @@
import java.lang.reflect.Method;
import java.util.ArrayList;
+import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
@@ -253,7 +254,7 @@
{
if (newConfiguration.isEnabled())
{
- newHandler = loadHandler(newHandlerClass, newConfiguration);
+ newHandler = loadHandler(newHandlerClass, newConfiguration, true);
}
else
{
@@ -331,7 +332,7 @@
// can load the access control handler class.
if (configuration.isEnabled())
{
- loadHandler(configuration.getAclHandlerClass(), null);
+ loadHandler(configuration.getAclHandlerClass(), configuration, false);
}
}
catch (InitializationException e)
@@ -413,23 +414,26 @@
/**
- * Loads the specified class, instantiates it as a AccessControlProvider, and
+ * Loads the specified class, instantiates it as a AccessControlHandler, and
* optionally initializes that instance.
*
* @param className The fully-qualified name of the Access Control
* provider class to load, instantiate, and initialize.
* @param configuration The configuration to use to initialize the
- * Access Control Provider, or {@code null} if the
- * Access Control Provider should not be initialized.
+ * Access Control Handler. It must not be
+ * {@code null}.
+ * @param initialize Indicates whether the access control handler
+ * instance should be initialized.
*
- * @return The possibly initialized Access Control Provider.
+ * @return The possibly initialized Access Control Handler.
*
* @throws InitializationException If a problem occurred while attempting to
- * initialize the Access Control Provider.
+ * initialize the Access Control Handler.
*/
private AccessControlHandler<? extends AccessControlHandlerCfg>
loadHandler(String className,
- AccessControlHandlerCfg configuration)
+ AccessControlHandlerCfg configuration,
+ boolean initialize)
throws InitializationException
{
try
@@ -451,6 +455,36 @@
configuration.definition().getServerConfigurationClass());
method.invoke(provider, configuration);
}
+ else
+ {
+ Method method =
+ provider.getClass().getMethod("isConfigurationAcceptable",
+ AccessControlHandlerCfg.class,
+ List.class);
+
+ List<String> unacceptableReasons = new ArrayList<String>();
+ Boolean acceptable = (Boolean) method.invoke(provider, configuration,
+ unacceptableReasons);
+ if (! acceptable)
+ {
+ StringBuilder buffer = new StringBuilder();
+ if (! unacceptableReasons.isEmpty())
+ {
+ Iterator<String> iterator = unacceptableReasons.iterator();
+ buffer.append(iterator.next());
+ while (iterator.hasNext())
+ {
+ buffer.append(". ");
+ buffer.append(iterator.next());
+ }
+ }
+
+ int msgID = MSGID_CONFIG_AUTHZ_CONFIG_NOT_ACCEPTABLE;
+ String message = getMessage(msgID, String.valueOf(configuration.dn()),
+ buffer.toString());
+ throw new InitializationException(msgID, message);
+ }
+ }
return provider;
}
--
Gitblit v1.10.0