From 91fdf0048df4c43fe3b7412ccb7f862eab5f7669 Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Wed, 02 Feb 2011 20:45:14 +0000
Subject: [PATCH] Fix issue OPENDJ-24: Fix OpenDS issue 4583: during a search op, ACI with targetfilter and targetattrs gets evaluated wrongly https://bugster.forgerock.org/jira/browse/OPENDJ-24
---
opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendAddOperation.java | 72 ++++--------------------------------
1 files changed, 8 insertions(+), 64 deletions(-)
diff --git a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendAddOperation.java b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendAddOperation.java
index 8214122..3ca1ef8 100644
--- a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendAddOperation.java
+++ b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendAddOperation.java
@@ -23,6 +23,7 @@
*
*
* Copyright 2008-2010 Sun Microsystems, Inc.
+ * Portions Copyright 2011 ForgeRock AS
*/
package org.opends.server.workflowelement.localbackend;
@@ -55,7 +56,6 @@
import org.opends.server.api.plugin.PluginResult;
import org.opends.server.controls.LDAPAssertionRequestControl;
import org.opends.server.controls.LDAPPostReadRequestControl;
-import org.opends.server.controls.LDAPPostReadResponseControl;
import org.opends.server.controls.PasswordPolicyErrorType;
import org.opends.server.controls.PasswordPolicyResponseControl;
import org.opends.server.controls.ProxiedAuthV1Control;
@@ -263,7 +263,7 @@
// Invoke any conflict resolution processing that might be needed by the
// synchronization provider.
- for (SynchronizationProvider provider :
+ for (SynchronizationProvider<?> provider :
DirectoryServer.getSynchronizationProviders())
{
try
@@ -643,7 +643,7 @@
}
else
{
- for (SynchronizationProvider provider :
+ for (SynchronizationProvider<?> provider :
DirectoryServer.getSynchronizationProviders())
{
try
@@ -676,11 +676,8 @@
backend.addEntry(entry, this);
}
- if (postReadRequest != null)
- {
- addPostReadResponse();
- }
-
+ LocalBackendWorkflowElement.addPostReadResponse(this,
+ postReadRequest, entry);
if (! noOp)
{
@@ -700,7 +697,7 @@
}
finally
{
- for (SynchronizationProvider provider :
+ for (SynchronizationProvider<?> provider :
DirectoryServer.getSynchronizationProviders())
{
try
@@ -1204,7 +1201,7 @@
// Encode the password.
if (passwordPolicy.usesAuthPasswordSyntax())
{
- for (PasswordStorageScheme s : defaultStorageSchemes)
+ for (PasswordStorageScheme<?> s : defaultStorageSchemes)
{
ByteString encodedValue = s.encodeAuthPassword(value);
builder.add(AttributeValues.create(
@@ -1213,7 +1210,7 @@
}
else
{
- for (PasswordStorageScheme s : defaultStorageSchemes)
+ for (PasswordStorageScheme<?> s : defaultStorageSchemes)
{
ByteString encodedValue = s.encodePasswordWithScheme(value);
builder.add(AttributeValues.create(
@@ -1609,58 +1606,5 @@
}
}
}
-
-
-
- /**
- * Adds the post-read response control to the response.
- */
- protected void addPostReadResponse()
- {
- Entry addedEntry = entry.duplicate(true);
-
- if (! postReadRequest.allowsAttribute(
- DirectoryServer.getObjectClassAttributeType()))
- {
- addedEntry.removeAttribute(DirectoryServer.getObjectClassAttributeType());
- }
-
- if (! postReadRequest.returnAllUserAttributes())
- {
- Iterator<AttributeType> iterator =
- addedEntry.getUserAttributes().keySet().iterator();
- while (iterator.hasNext())
- {
- AttributeType attrType = iterator.next();
- if (! postReadRequest.allowsAttribute(attrType))
- {
- iterator.remove();
- }
- }
- }
-
- if (! postReadRequest.returnAllOperationalAttributes())
- {
- Iterator<AttributeType> iterator =
- addedEntry.getOperationalAttributes().keySet().iterator();
- while (iterator.hasNext())
- {
- AttributeType attrType = iterator.next();
- if (! postReadRequest.allowsAttribute(attrType))
- {
- iterator.remove();
- }
- }
- }
-
- // Check access controls on the entry and strip out
- // any not allowed attributes.
- SearchResultEntry searchEntry =
- AccessControlConfigManager.getInstance().
- getAccessControlHandler().filterEntry(this, addedEntry);
- LDAPPostReadResponseControl responseControl =
- new LDAPPostReadResponseControl(searchEntry);
- addResponseControl(responseControl);
- }
}
--
Gitblit v1.10.0