From 0fba00628d10c1173693af6f03be0386b6042834 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Thu, 14 Jun 2007 03:10:29 +0000
Subject: [PATCH] Revert the changes committed in revision 2094 because they have broken the build due to a number of missing symbols.
---
opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/TargetAttrTestCase.java | 162 --------------------
opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciTargets.java | 59 +-----
opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/Aci.java | 52 +-----
opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java | 89 +++--------
opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java | 41 +---
opendj-sdk/opends/src/server/org/opends/server/messages/AciMessages.java | 35 +++-
6 files changed, 90 insertions(+), 348 deletions(-)
diff --git a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/Aci.java b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/Aci.java
index 46ef3db..6f5b75b 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/Aci.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/Aci.java
@@ -110,12 +110,11 @@
/**
* Regular expression that graciously matches an attribute type name. Must
* begin with an ASCII letter or digit, and contain only ASCII letters,
- * digit characters, hyphens, semi-colons and underscores. It also allows
- * the special shorthand characters "*" for all user attributes and "+" for
- * all operational attributes.
+ * digit characters, hyphens, semi-colons and underscores.
+ * They are case insensitive.
*/
public static final String ATTR_NAME =
- "((?i)[a-z\\d]{1}[[a-z]\\d-_.;]*(?-i)|\\*{1}|\\+{1})";
+ "((?i)[a-z\\d]{1}[[a-z]\\d-_.;]*(?-i))";
/**
* Regular expression matching a LDAP URL.
@@ -151,16 +150,8 @@
/**
* Regular expression the matches "*".
*/
- public static final String ALL_USER_ATTRS_WILD_CARD =
- ZERO_OR_MORE_WHITESPACE +
- "\\*" + ZERO_OR_MORE_WHITESPACE;
-
- /**
- * Regular expression the matches "+".
- */
- public static final String ALL_OP_ATTRS_WILD_CARD =
- ZERO_OR_MORE_WHITESPACE +
- "\\+" + ZERO_OR_MORE_WHITESPACE;
+ public static final String ALL_ATTRS_WILD_CARD = ZERO_OR_MORE_WHITESPACE +
+ "\\*" + ZERO_OR_MORE_WHITESPACE;
/**
* ACI_ADD is used to set the container rights for a LDAP add operation.
@@ -274,38 +265,15 @@
* evaluation if the flag is ACI_ATTR_STAR_MATCHED (all attributes match)
* and the attribute type is not operational.
*/
- public static final int ACI_USER_ATTR_STAR_MATCHED = 0x0008;
+ public static final int ACI_ATTR_STAR_MATCHED = 0x0008;
/**
- * ACI_FOUND_USER_ATTR_RULE is the flag set when the evaluation reason of a
+ * ACI_FOUND_ATTR_RULE is the flag set when the evaluation reason of a
* AciHandler.maysend ACI_READ access evaluation was the result of an
- * ACI targetattr specific user attribute expression
- * (targetattr="some user attribute type") target match.
+ * ACI targetattr specific attribute expression
+ * (targetattr="some attribute type") target match.
*/
- public static final int ACI_FOUND_USER_ATTR_RULE = 0x0010;
-
- /**
- * ACI_OP_ATTR_PLUS_MATCHED is the flag set when the evaluation reason of a
- * AciHandler.maysend ACI_READ access evaluation was the result of an
- * ACI targetattr all operational attributes expression (targetattr="+")
- * target match. For this flag to be set, there must be only one
- * ACI matching.
- *
- * This flag and ACI_FOUND_OP_ATTR_RULE are used in the
- * AciHandler.filterEntry.accessAllowedAttrs method to skip access
- * evaluation if the flag is ACI_OP_ATTR_PLUS_MATCHED (all operational
- * attributes match) and the attribute type is operational.
- */
-
- public static final int ACI_OP_ATTR_PLUS_MATCHED = 0x0004;
-
- /**
- * ACI_FOUND_OP_ATTR_RULE is the flag set when the evaluation reason of a
- * AciHandler.maysend ACI_READ access evaluation was the result of an
- * ACI targetattr specific operational attribute expression
- * (targetattr="some operational attribute type") target match.
- */
- public static final int ACI_FOUND_OP_ATTR_RULE = 0x0020;
+ public static final int ACI_FOUND_ATTR_RULE = 0x0010;
/**
* ACI_NULL is used to set the container rights to all zeros. Used
diff --git a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
index c2126da..ff7da54 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
@@ -280,20 +280,12 @@
this.authzid=getEffectiveRightsControl.getAuthzDN();
this.specificAttrs=getEffectiveRightsControl.getAttributes();
}
- //If an ACI evaluated because of an Targetattr="*", then the
+ //If the ACI evaluated because of an Targetattr="*", then the
//AciHandler.maySend method signaled this via adding this attachment
//string.
- String allUserAttrs=
- (String)operation.getAttachment(ALL_USER_ATTRS_MATCHED);
- if(allUserAttrs != null)
- evalAllAttributes |= ACI_USER_ATTR_STAR_MATCHED;
- //If an ACI evaluated because of an Targetattr="+", then the
- //AciHandler.maySend method signaled this via adding this attachment
- //string.
- String allOpAttrs=(String)operation.getAttachment(ALL_OP_ATTRS_MATCHED);
- if(allOpAttrs != null)
- evalAllAttributes |= ACI_OP_ATTR_PLUS_MATCHED;
-
+ String allAttrs=(String)operation.getAttachment(ALL_ATTRS_MATCHED);
+ if(allAttrs != null)
+ evalAllAttributes = ACI_ATTR_STAR_MATCHED;
//The AciHandler.maySend method also adds the full attribute version of
//the resource entry in this attachment.
fullEntry=(Entry)operation.getAttachment(ALL_ATTRS_RESOURCE_ENTRY);
@@ -831,74 +823,43 @@
/**
* {@inheritDoc}
*/
- public void setEvalUserAttributes(int v) {
+ public void setACIEvalAttributesRule(int v) {
if(operation instanceof SearchOperation && (rights == ACI_READ)) {
- if(v == ACI_FOUND_USER_ATTR_RULE) {
- evalAllAttributes |= ACI_FOUND_USER_ATTR_RULE;
- evalAllAttributes &= ~ACI_USER_ATTR_STAR_MATCHED;
+ if(v == ACI_FOUND_ATTR_RULE) {
+ evalAllAttributes |= ACI_FOUND_ATTR_RULE;
+ evalAllAttributes &= ~ACI_ATTR_STAR_MATCHED;
} else
- evalAllAttributes |= ACI_USER_ATTR_STAR_MATCHED;
- }
- }
-
- /**
- * {@inheritDoc}
- */
- public void setEvalOpAttributes(int v) {
- if(operation instanceof SearchOperation && (rights == ACI_READ)) {
- if(v == ACI_FOUND_OP_ATTR_RULE) {
- evalAllAttributes |= ACI_FOUND_OP_ATTR_RULE;
- evalAllAttributes &= ~ACI_OP_ATTR_PLUS_MATCHED;
- } else
- evalAllAttributes |= ACI_OP_ATTR_PLUS_MATCHED;
+ evalAllAttributes |= Aci.ACI_ATTR_STAR_MATCHED;
}
}
/**
* {@inheritDoc}
*/
- public boolean hasEvalUserAttributes() {
- return (evalAllAttributes & ACI_FOUND_USER_ATTR_RULE) ==
- ACI_FOUND_USER_ATTR_RULE;
+ public boolean hasACIEvalAttributes() {
+ return (evalAllAttributes & ACI_FOUND_ATTR_RULE) == ACI_FOUND_ATTR_RULE;
+ }
+
+
+ /**
+ * Return true if the evaluating ACI either contained a targetattr all
+ * attributes rule matched only.
+ *
+ * @return True if the above condition was seen.
+ **/
+ public boolean hasACIAllAttributes() {
+ return (evalAllAttributes & ACI_ATTR_STAR_MATCHED) == ACI_ATTR_STAR_MATCHED;
}
/**
* {@inheritDoc}
*/
- public boolean hasEvalOpAttributes() {
- return (evalAllAttributes & ACI_FOUND_OP_ATTR_RULE) ==
- ACI_FOUND_OP_ATTR_RULE;
- }
-
- /**
- * Return true if the evaluating ACI contained a targetattr all
- * user attributes rule match.
- *
- * @return True if the above condition was seen.
- **/
- public boolean hasAllUserAttributes() {
- return (evalAllAttributes & ACI_USER_ATTR_STAR_MATCHED) ==
- ACI_USER_ATTR_STAR_MATCHED;
- }
-
- /**
- * Return true if the evaluating ACI contained a targetattr all
- * operational attributes rule match.
- *
- * @return True if the above condition was seen.
- **/
- public boolean hasAllOpAttributes() {
- return (evalAllAttributes & ACI_OP_ATTR_PLUS_MATCHED) ==
- ACI_OP_ATTR_PLUS_MATCHED;
- }
-
- /**
- * {@inheritDoc}
- */
- public void clearEvalAttributes(int v) {
+ public void clearACIEvalAttributesRule(int v) {
if(v == 0)
evalAllAttributes=0;
else
evalAllAttributes &= ~v;
}
+
+
}
diff --git a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
index e934089..134262c 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
@@ -98,16 +98,10 @@
public static String ALL_ATTRS_RESOURCE_ENTRY = "allAttrsResourceEntry";
/**
- * String used to indicate that the evaluating ACI had a all user attributes
+ * String used to indicate that the evaluating ACI had a all attributes
* targetattr match (targetattr="*").
*/
- public static String ALL_USER_ATTRS_MATCHED = "allUserAttrsMatched";
-
- /**
- * String used to indicate that the evaluating ACI had a all operational
- * attributes targetattr match (targetattr="+").
- */
- public static String ALL_OP_ATTRS_MATCHED = "allOpAttrsMatched";
+ public static String ALL_ATTRS_MATCHED = "allAttrsMatched";
/**
* This constructor instantiates the ACI handler class that performs the
@@ -609,18 +603,17 @@
*/
private SearchResultEntry
accessAllowedAttrs(AciLDAPOperationContainer container) {
- Entry e=container.getResourceEntry();
- List<AttributeType> typeList=getAllAttrs(e);
- for(AttributeType attrType : typeList) {
- if(container.hasAllUserAttributes() && !attrType.isOperational())
- continue;
- if(container.hasAllOpAttributes() && attrType.isOperational())
- continue;
- container.setCurrentAttributeType(attrType);
- if(!accessAllowed(container))
- e.removeAttribute(attrType);
+ Entry e=container.getResourceEntry();
+ List<AttributeType> typeList=getAllAttrs(e);
+ for(AttributeType attrType : typeList) {
+ if(container.hasACIAllAttributes() && !attrType.isOperational())
+ continue;
+ container.setCurrentAttributeType(attrType);
+ if(!accessAllowed(container)) {
+ e.removeAttribute(attrType);
}
- return container.getSearchResultEntry();
+ }
+ return container.getSearchResultEntry();
}
/**
@@ -923,16 +916,12 @@
ret=false;
}
if (ret) {
- operationContainer.clearEvalAttributes(ACI_NULL);
+ operationContainer.clearACIEvalAttributesRule(ACI_NULL);
operationContainer.setRights(ACI_READ);
ret=accessAllowedEntry(operationContainer);
if(ret) {
- if(!operationContainer.hasEvalUserAttributes())
- operation.setAttachment(ALL_USER_ATTRS_MATCHED,
- ALL_USER_ATTRS_MATCHED);
- if(!operationContainer.hasEvalOpAttributes())
- operation.setAttachment(ALL_OP_ATTRS_MATCHED,
- ALL_OP_ATTRS_MATCHED);
+ if(!operationContainer.hasACIEvalAttributes())
+ operation.setAttachment(ALL_ATTRS_MATCHED, ALL_ATTRS_MATCHED);
}
}
}
diff --git a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciTargets.java b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciTargets.java
index 41e58a0..dc13132 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciTargets.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciTargets.java
@@ -412,8 +412,21 @@
int rights=targetMatchCtx.getRights();
boolean isFirstAttr=targetMatchCtx.isFirstAttribute();
if((a != null) && (targets.getTargetAttr() != null)) {
- ret=TargetAttr.isApplicable(a,targets.getTargetAttr());
- setEvalAttributes(targetMatchCtx,targets,ret);
+ ret=TargetAttr.isApplicable(a,targets.getTargetAttr());
+ targetMatchCtx.clearACIEvalAttributesRule(ACI_ATTR_STAR_MATCHED);
+ /*
+ If a explicitly defined targetattr's match rule has not
+ been seen (~ACI_FOUND_ATTR_RULE) and the current attribute type
+ is applicable because of a targetattr all attributes rule match,
+ set a flag to indicate this situation (ACI_ATTR_STAR_MATCHED).
+ Else the attributes is applicable because it is operational or
+ not a targetattr's all attribute match.
+ */
+ if(ret && targets.getTargetAttr().isAllAttributes() &&
+ !targetMatchCtx.hasACIEvalAttributes())
+ targetMatchCtx.setACIEvalAttributesRule(ACI_ATTR_STAR_MATCHED);
+ else
+ targetMatchCtx.setACIEvalAttributesRule(ACI_FOUND_ATTR_RULE);
} else if((a != null) || (targets.getTargetAttr() != null)) {
if((aci.hasRights(skipRights)) &&
(skipRightsHasRights(rights)))
@@ -550,46 +563,4 @@
}
return ret;
}
-
-
- /**
- * The method is used to try and determine if a targetAttr expression that
- * is applicable has a '*' (or '+' operational attributes) token or if it
- * was applicable because of a specific attribute type declared in the
- * targetattrs expression (i.e., targetattrs=cn).
- *
- *
- * @param ctx The ctx to check against.
- * @param targets The targets part of the ACI.
- * @param ret The is true if the ACI has already been evaluated to be
- * applicable.
- */
- private static
- void setEvalAttributes(AciTargetMatchContext ctx, AciTargets targets,
- boolean ret) {
- ctx.clearEvalAttributes(ACI_USER_ATTR_STAR_MATCHED);
- ctx.clearEvalAttributes(ACI_OP_ATTR_PLUS_MATCHED);
- /*
- If an applicable targetattr's match rule has not
- been seen (~ACI_FOUND_OP_ATTR_RULE or ~ACI_FOUND_USER_ATTR_RULE) and
- the current attribute type is applicable because of a targetattr all
- user (or operational) attributes rule match,
- set a flag to indicate this situation (ACI_USER_ATTR_STAR_MATCHED or
- ACI_OP_ATTR_PLUS_MATCHED). This check also catches the following case
- where the match was by a specific attribute type (either user or
- operational) and the other attribute type has an all attribute token.
- For example, the expression is: (targetattrs="cn || +) and the current
- attribute type is cn.
- */
- if(ret && targets.getTargetAttr().isAllUserAttributes() &&
- !ctx.hasEvalUserAttributes())
- ctx.setEvalUserAttributes(ACI_USER_ATTR_STAR_MATCHED);
- else
- ctx.setEvalUserAttributes(ACI_FOUND_USER_ATTR_RULE);
- if(ret && targets.getTargetAttr().isAllOpAttributes() &&
- !ctx.hasEvalOpAttributes())
- ctx.setEvalOpAttributes(ACI_OP_ATTR_PLUS_MATCHED);
- else
- ctx.setEvalOpAttributes(ACI_FOUND_OP_ATTR_RULE);
- }
}
diff --git a/opendj-sdk/opends/src/server/org/opends/server/messages/AciMessages.java b/opendj-sdk/opends/src/server/org/opends/server/messages/AciMessages.java
index 811b377..722a2e0 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/messages/AciMessages.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/messages/AciMessages.java
@@ -740,15 +740,22 @@
public static final int MSGID_ACI_NOT_VALID_DN =
CATEGORY_MASK_ACCESS_CONTROL | SEVERITY_MASK_SEVERE_WARNING | 73;
+ /**
+ * The message ID for the message that will be used if a targetattr
+ * keyword expression contains both operational and user attribute
+ * types. This takes one argument, which is the targetattr expression string.
+ */
+ public static final int MSGID_ACI_TARGETATTR_INVALID_OP_USER_ATTR =
+ CATEGORY_MASK_ACCESS_CONTROL | SEVERITY_MASK_SEVERE_WARNING | 74;
+
/**
* The message ID for the message that will be used if a targetattr
- * keyword expression contains an error when a each token in an targetattr
- * expression was parsed. This takes one argument, which is the expression
- * string that caused the error.
+ * keyword expression performs both an inequality operation using
+ * operational attribute types. This takes one argument, which is the
+ * targetattr expression string.
*/
- public static final int MSGID_ACI_TARGETATTR_INVALID_ATTR_TOKEN =
- CATEGORY_MASK_ACCESS_CONTROL | SEVERITY_MASK_SEVERE_WARNING | 74;
-
+ public static final int MSGID_ACI_TARGATTR_INVALID_OP_ATTR_INEQUALITY =
+ CATEGORY_MASK_ACCESS_CONTROL | SEVERITY_MASK_SEVERE_WARNING | 75;
/**
* The message ID for the message that will be used if a roledn
@@ -756,7 +763,7 @@
* This takes one argument, which is the roledn expression string.
*/
public static final int MSGID_ACI_SYNTAX_ROLEDN_NOT_SUPPORTED =
- CATEGORY_MASK_ACCESS_CONTROL | SEVERITY_MASK_SEVERE_WARNING | 75;
+ CATEGORY_MASK_ACCESS_CONTROL | SEVERITY_MASK_SEVERE_WARNING | 76;
/**
* The message ID for the message that will be used if there are ACI decode
@@ -765,7 +772,7 @@
* exception.
*/
public static final int MSGID_ACI_SERVER_DECODE_FAILED =
- CATEGORY_MASK_ACCESS_CONTROL | SEVERITY_MASK_SEVERE_WARNING | 76;
+ CATEGORY_MASK_ACCESS_CONTROL | SEVERITY_MASK_SEVERE_WARNING | 77;
/**
@@ -774,7 +781,7 @@
* causing the server is being put in lockdown mode. The takes no arguments.
*/
public static final int MSGID_ACI_ENTER_LOCKDOWN_MODE =
- CATEGORY_MASK_ACCESS_CONTROL | SEVERITY_MASK_SEVERE_WARNING | 77;
+ CATEGORY_MASK_ACCESS_CONTROL | SEVERITY_MASK_SEVERE_WARNING | 78;
/**
@@ -1199,11 +1206,17 @@
"Selfwrite check skipped because an attribute \"%s\" with a " +
"distinguished name syntax was not a valid DN");
- registerMessage(MSGID_ACI_TARGETATTR_INVALID_ATTR_TOKEN,
+ registerMessage(MSGID_ACI_TARGETATTR_INVALID_OP_USER_ATTR,
"The provided Access Control Instruction (ACI) " +
"targetattr expression value \"%s\" is invalid because" +
- " the expression contains invalid or duplicate tokens");
+ " the expression contains both operational attribute types" +
+ " and user attribute types");
+ registerMessage(MSGID_ACI_TARGATTR_INVALID_OP_ATTR_INEQUALITY,
+ "The provided Access Control Instruction (ACI) " +
+ "targetattr expression value \"%s\" is invalid because" +
+ " the expression performs an inequality operation using " +
+ "operational attribute types");
registerMessage(MSGID_ACI_SYNTAX_ROLEDN_NOT_SUPPORTED,
"The provided Access Control Instruction (ACI) expression " +
diff --git a/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/TargetAttrTestCase.java b/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/TargetAttrTestCase.java
index cfc978b..fe96c12 100644
--- a/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/TargetAttrTestCase.java
+++ b/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/TargetAttrTestCase.java
@@ -44,46 +44,9 @@
private static final String user3="uid=user.3,ou=People,o=test";
public static final String aciFilter = "(aci=*)";
-
- private static final
- String starAciAttrs = "(targetattr=\"* || aci\")" +
- "(version 3.0;acl \"read/search all user, aci op\";" +
- "allow (search, read) " +
- "userattr=\"l#Austin\";)";
-
- private static final
- String ocOpAttrs = "(targetattr=\"objectclass || +\")" +
- "(version 3.0;acl \"read/search all op, oc user\";" +
- "allow (search, read) " +
- "userattr=\"l#Austin\";)";
-
- private static final
- String OpSrchAttrs = "(targetattr=\"sn || uid || +\")" +
- "(version 3.0;acl \"read/search all op, sn uid user\";" +
- "allow (search, read) " +
- "userattr=\"l#Austin\";)";
-
- private static final
- String allAttrs = "(targetattr=\"* || +\")" +
- "(version 3.0;acl \"read/search all user and all op lattr\";" +
- "allow (search, read) " +
- "userattr=\"l#Austin\";)";
-
- private static final
- String allOpAttrAci1 = "(targetattr=\"+\")" +
- "(version 3.0;acl \"read/search all op attr\";" +
- "allow (search, read) " +
- "userattr!=\"l#New York\";)";
-
- private static final
- String notAllOpAttrAci1 = "(targetattr!=\"+\")" +
- "(version 3.0;acl \"read/search not all op attr\";" +
- "allow (search, read) " +
- "userattr!=\"l#New York\";)";
-
private static final
String userAttrAci = "(targetattr=\"*\")" +
- "(version 3.0;acl \"read/search all userattr\";" +
+ "(version 3.0;acl \"read/search userattr\";" +
"allow (search, read) " +
"userattr=\"l#Austin\";)";
@@ -201,129 +164,6 @@
deleteAttrFromEntry(user1, "aci");
}
- /**
- * Test targetattr shorthand behavior, all attrs both user and operational.
- * See comments.
- *
- * @throws Exception If a test result is unexpected.
- */
- @Test()
- public void testTargetAttrAllAttr() throws Exception {
- //Add aci with: (targetattr = "+ || *")
- String aciLdif=makeAddAciLdif("aci", user1, allAttrs);
- modEntries(aciLdif, DIR_MGR_DN, PWD);
- String userResults =
- LDAPSearchParams(user3, PWD, null, null, null,
- user1, filter, opAttrList);
- Assert.assertFalse(userResults.equals(""));
- HashMap<String, String> attrMap=getAttrMap(userResults);
- //All should be returned.
- Assert.assertTrue(attrMap.containsKey("aci"));
- Assert.assertTrue(attrMap.containsKey("sn"));
- Assert.assertTrue(attrMap.containsKey("uid"));
- deleteAttrFromEntry(user1, "aci");
- }
-
-
- /**
- * Test targetattr shorthand behavior, userattr and plus sign (all op attrs).
- * See comments.
- *
- * @throws Exception If a test result is unexpected.
- */
- @Test()
- public void testTargetAttrOpPlusAttr() throws Exception {
- //Add aci with: (targetattr = "objectclass|| +")
- String aciLdif=makeAddAciLdif("aci", user1, ocOpAttrs);
- modEntries(aciLdif, DIR_MGR_DN, PWD);
- String userResults =
- LDAPSearchParams(user3, PWD, null, null, null,
- user1, filter, opAttrList);
- Assert.assertFalse(userResults.equals(""));
- HashMap<String, String> attrMap=getAttrMap(userResults);
- //Only aci should be returned.
- Assert.assertTrue(attrMap.containsKey("aci"));
- Assert.assertFalse(attrMap.containsKey("sn"));
- Assert.assertFalse(attrMap.containsKey("uid"));
- deleteAttrFromEntry(user1, "aci");
- }
-
-
- /**
- * Test targetattr shorthand behavior, star (all user attr) or aci attr.
- * See comments.
- *
- * @throws Exception If a test result is unexpected.
- */
- @Test()
- public void testTargetAttrUserStarAttr() throws Exception {
- //Add aci with: (targetattr = "*|| aci")
- String aciLdif=makeAddAciLdif("aci", user1, starAciAttrs);
- modEntries(aciLdif, DIR_MGR_DN, PWD);
- String userResults =
- LDAPSearchParams(user3, PWD, null, null, null,
- user1, filter, opAttrList);
- Assert.assertFalse(userResults.equals(""));
- HashMap<String, String> attrMap=getAttrMap(userResults);
- //All should be returned.
- Assert.assertTrue(attrMap.containsKey("aci"));
- Assert.assertTrue(attrMap.containsKey("sn"));
- Assert.assertTrue(attrMap.containsKey("uid"));
- deleteAttrFromEntry(user1, "aci");
- }
-
- /**
- * Test targetattr shorthand behavior using '+' in expression and an
- * operational attribute in the filter. The second test is two ACIs one
- * with targetattr='+' and the other with targetattr='*'.
- *
- * @throws Exception If test result is unexpected.
- */
- @Test()
- public void testTargetAttrSrchShorthand() throws Exception {
- //Aci: (targetattrs="sn || uid || +) and search with an
- //operational attr (aci).
- String aciLdif=makeAddAciLdif("aci", user1, OpSrchAttrs);
- modEntries(aciLdif, DIR_MGR_DN, PWD);
- String userResults =
- LDAPSearchParams(user3, PWD, null, null, null,
- user1, aciFilter, opAttrList);
- Assert.assertFalse(userResults.equals(""));
- HashMap<String, String> attrMap=getAttrMap(userResults);
- //All should be returned.
- Assert.assertTrue(attrMap.containsKey("aci"));
- Assert.assertTrue(attrMap.containsKey("sn"));
- Assert.assertTrue(attrMap.containsKey("uid"));
- deleteAttrFromEntry(user1, "aci");
- //Add two ACIs, one with '+' and the other with '*'.
- String aciLdif1=makeAddAciLdif("aci", user1, allOpAttrAci1, userAttrAci);
- modEntries(aciLdif1, DIR_MGR_DN, PWD);
- String userResults1 =
- LDAPSearchParams(user3, PWD, null, null, null,
- user1, aciFilter, opAttrList);
- Assert.assertFalse(userResults1.equals(""));
- HashMap<String, String> attrMap1=getAttrMap(userResults1);
- //All should be returned.
- Assert.assertTrue(attrMap1.containsKey("aci"));
- Assert.assertTrue(attrMap1.containsKey("sn"));
- Assert.assertTrue(attrMap1.containsKey("uid"));
- deleteAttrFromEntry(user1, "aci");
- //Add two ACIs, one with '+' and the other with '*'.
- String aciLdif2=makeAddAciLdif("aci", user1, notAllOpAttrAci1, userAttrAci);
- modEntries(aciLdif2, DIR_MGR_DN, PWD);
- String userResults2 =
- LDAPSearchParams(user3, PWD, null, null, null,
- user1, filter, opAttrList);
- Assert.assertFalse(userResults2.equals(""));
- HashMap<String, String> attrMap2=getAttrMap(userResults2);
- //Only non-operation should be returned.
- Assert.assertFalse(attrMap2.containsKey("aci"));
- Assert.assertTrue(attrMap2.containsKey("sn"));
- Assert.assertTrue(attrMap2.containsKey("uid"));
- deleteAttrFromEntry(user1, "aci");
- }
-
-
private void
checkAttributeVal(HashMap<String, String> attrMap, String attr,
String val) throws Exception {
--
Gitblit v1.10.0