From ea9a4229acbf8186e7225e96651b10b44eba3e8a Mon Sep 17 00:00:00 2001
From: Nemanja Lukic <nemanja.lukic@forgerock.com>
Date: Fri, 25 Nov 2011 08:55:01 +0000
Subject: [PATCH] New fix for OPENDJ-221 as per comments: http://lists.forgerock.org/pipermail/opendj-dev/2011-November/001024.html

---
 opends/src/server/org/opends/server/plugins/ReferentialIntegrityPlugin.java |  108 ++++++++++++++++++++++++++++++------------------------
 1 files changed, 60 insertions(+), 48 deletions(-)

diff --git a/opends/src/server/org/opends/server/plugins/ReferentialIntegrityPlugin.java b/opends/src/server/org/opends/server/plugins/ReferentialIntegrityPlugin.java
index b83976f..2784199 100644
--- a/opends/src/server/org/opends/server/plugins/ReferentialIntegrityPlugin.java
+++ b/opends/src/server/org/opends/server/plugins/ReferentialIntegrityPlugin.java
@@ -1120,6 +1120,16 @@
     final List<Modification> mods = modifyOperation.getModifications();
     final Entry entry = modifyOperation.getModifiedEntry();
 
+    /* Make sure the entry belongs to one of the configured naming
+     * contexts.
+     */
+    DN entryDN = entry.getDN();
+    DN entryBaseDN = getEntryBaseDN(entryDN);
+    if (entryBaseDN == null)
+    {
+      return PluginResult.PreOperation.continueOperationProcessing();
+    }
+
     for (Modification mod : mods)
     {
       final ModificationType modType = mod.getModificationType();
@@ -1139,7 +1149,7 @@
       if (modifiedAttribute != null)
       {
         PluginResult.PreOperation result =
-        isIntegrityMaintained(modifiedAttribute, entry.getDN());
+        isIntegrityMaintained(modifiedAttribute, entryDN, entryBaseDN);
         if (result.getResultCode() != ResultCode.SUCCESS)
         {
           return result;
@@ -1169,6 +1179,16 @@
 
     final Entry entry = addOperation.getEntryToAdd();
 
+    /* Make sure the entry belongs to one of the configured naming
+     * contexts.
+     */
+    DN entryDN = entry.getDN();
+    DN entryBaseDN = getEntryBaseDN(entryDN);
+    if (entryBaseDN == null)
+    {
+      return PluginResult.PreOperation.continueOperationProcessing();
+    }
+
     for (AttributeType attrType : attributeTypes)
     {
       final List<Attribute> attrs = entry.getAttribute(attrType, false);
@@ -1176,7 +1196,7 @@
       if (attrs != null)
       {
         PluginResult.PreOperation result =
-        isIntegrityMaintained(attrs, entry.getDN());
+        isIntegrityMaintained(attrs, entryDN, entryBaseDN);
         if (result.getResultCode() != ResultCode.SUCCESS)
         {
           return result;
@@ -1199,12 +1219,12 @@
    *                CONSTRAINT_VIOLATION oherwise
    */
   private PluginResult.PreOperation
-    isIntegrityMaintained(List<Attribute> attrs, DN entryDN)
+    isIntegrityMaintained(List<Attribute> attrs, DN entryDN, DN entryBaseDN)
   {
     PluginResult.PreOperation result = null;
     for(Attribute attr : attrs)
     {
-      result = isIntegrityMaintained(attr, entryDN);
+      result = isIntegrityMaintained(attr, entryDN, entryBaseDN);
       if (result != PluginResult.PreOperation.continueOperationProcessing())
       {
         return result;
@@ -1224,38 +1244,9 @@
    *                CONSTRAINT_VIOLATION oherwise
    */
   private PluginResult.PreOperation isIntegrityMaintained(Attribute attr,
-                                                          DN entryDN)
+                                                          DN entryDN,
+                                                          DN entryBaseDN)
   {
-    /* Verify that the entry belongs to one of the configured naming
-     * contexts.
-     */
-
-    boolean isLocal = false;
-
-    if (baseDNs.isEmpty())
-    {
-      baseDNs = DirectoryServer.getPublicNamingContexts().keySet();
-    }
-
-    for (DN baseDN : baseDNs)
-    {
-      if (entryDN.matchesBaseAndScope(baseDN, SearchScope.SUBORDINATE_SUBTREE))
-      {
-        isLocal = true;
-        break;
-      }
-    }
-
-    /* If the entry does not belong to any of the configured naming
-     * contexts continue further operation processing without checking
-     * the integrity.
-     */
-
-    if (!isLocal)
-    {
-      return PluginResult.PreOperation.continueOperationProcessing();
-    }
-
     /* Iterate over the list of attributes */
 
     Iterator<AttributeValue> attrValIt = attr.iterator();
@@ -1273,19 +1264,8 @@
         if (currentConfiguration.getCheckReferencesScopeCriteria()
           == CheckReferencesScopeCriteria.NAMING_CONTEXT)
         {
-          boolean matches = false;
-
-          for (DN baseDN : baseDNs)
-          {
-            if (entryDN.matchesBaseAndScope(baseDN,
-              SearchScope.SUBORDINATE_SUBTREE))
-            {
-              matches = true;
-              break;
-            }
-          }
-
-          if (!matches)
+          if (valueEntryDN.matchesBaseAndScope(entryBaseDN,
+            SearchScope.SUBORDINATE_SUBTREE))
           {
             return PluginResult.PreOperation.stopProcessing(
                   ResultCode.CONSTRAINT_VIOLATION,
@@ -1344,4 +1324,36 @@
 
     return PluginResult.PreOperation.continueOperationProcessing();
   }
+
+  /**
+   * Verifies if the entry with the specified DN belongs to the
+   * configured naming contexts.
+   * @param dn DN of the entry.
+   * @return Returns <code>true</code> if the entry matches any of the
+   *         configured base DNs, and <code>false</code> if not.
+   */
+  private DN getEntryBaseDN(DN dn)
+  {
+    /* Verify that the entry belongs to one of the configured naming
+     * contexts.
+     */
+
+    DN namingContext = null;
+
+    if (baseDNs.isEmpty())
+    {
+      baseDNs = DirectoryServer.getPublicNamingContexts().keySet();
+    }
+
+    for (DN baseDN : baseDNs)
+    {
+      if (dn.matchesBaseAndScope(baseDN, SearchScope.SUBORDINATE_SUBTREE))
+      {
+        namingContext = baseDN;
+        break;
+      }
+    }
+
+    return namingContext;
+  }
 }

--
Gitblit v1.10.0