From 1f1ed9bec4371d19dab9800eb3196dc8fcb85e1b Mon Sep 17 00:00:00 2001
From: floblanc <floblanc@localhost>
Date: Thu, 30 Oct 2008 09:38:44 +0000
Subject: [PATCH] Fix Issue 3540: Network Group: Uncaught java.lang.OutOfMemoryError while looping on calling dsconfig setting config properties
---
opendj-sdk/opends/src/server/org/opends/server/core/networkgroups/NetworkGroupCriteria.java | 12 +++++
opendj-sdk/opends/src/server/org/opends/server/core/networkgroups/RequestFilteringPolicy.java | 51 ++++++++++++++++++++++++-
opendj-sdk/opends/src/server/org/opends/server/core/networkgroups/ResourceLimits.java | 12 +++++
opendj-sdk/opends/src/messages/messages/config.properties | 7 +++
4 files changed, 76 insertions(+), 6 deletions(-)
diff --git a/opendj-sdk/opends/src/messages/messages/config.properties b/opendj-sdk/opends/src/messages/messages/config.properties
index 55631a4..2f2fd20 100644
--- a/opendj-sdk/opends/src/messages/messages/config.properties
+++ b/opendj-sdk/opends/src/messages/messages/config.properties
@@ -2144,4 +2144,9 @@
MILD_ERR_CONFIG_EXTENSION_INITIALIZATION_FAILED_718=An error occurred while \
trying to initialize an instance of class %s as an extension as \
defined in configuration entry %s: %s
-
+SEVERE_ERR_CONFIG_NETWORKGROUPREQUESTFILTERINGPOLICY_INVALID_ATTRIBUTE_719=The \
+ allowed attribute %s specified in configuration entry %s is also defined as \
+ a prohibited attribute
+SEVERE_ERR_CONFIG_NETWORKGROUPREQUESTFILTERINGPOLICY_INVALID_SUBTREE_720=The \
+ allowed subtree %s specified in configuration entry %s is also defined as \
+ a prohibited subtree
diff --git a/opendj-sdk/opends/src/server/org/opends/server/core/networkgroups/NetworkGroupCriteria.java b/opendj-sdk/opends/src/server/org/opends/server/core/networkgroups/NetworkGroupCriteria.java
index 02b0286..f8b3c7a 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/core/networkgroups/NetworkGroupCriteria.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/core/networkgroups/NetworkGroupCriteria.java
@@ -70,6 +70,9 @@
private PortCriteria portCriteria;
private SecurityCriteria securityCriteria;
+ // The current config
+ private NetworkGroupCriteriaCfg config;
+
/**
* Constructor.
*
@@ -93,6 +96,10 @@
portCriteria = null;
securityCriteria = null;
isConfigured = false;
+ if (config != null) {
+ config.removeChangeListener(this);
+ config = null;
+ }
}
/**
@@ -142,7 +149,10 @@
securityCriteria = null;
}
isConfigured = true;
- criteriaCfg.addChangeListener(this);
+ if (config == null) {
+ criteriaCfg.addChangeListener(this);
+ }
+ config = criteriaCfg;
} else {
resetCriteria();
}
diff --git a/opendj-sdk/opends/src/server/org/opends/server/core/networkgroups/RequestFilteringPolicy.java b/opendj-sdk/opends/src/server/org/opends/server/core/networkgroups/RequestFilteringPolicy.java
index 1c3a462..cd890a4 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/core/networkgroups/RequestFilteringPolicy.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/core/networkgroups/RequestFilteringPolicy.java
@@ -57,6 +57,7 @@
import org.opends.server.types.operation.PreParseOperation;
import org.opends.server.types.operation.PreParseSearchOperation;
import static org.opends.messages.CoreMessages.*;
+import static org.opends.messages.ConfigMessages.*;
/**
@@ -89,6 +90,8 @@
// The list of prohibited subtrees
Set<DN> prohibitedSubtrees = null;
+ // The current configuration
+ NetworkGroupRequestFilteringPolicyCfg config = null;
/**
* Constructor.
@@ -113,6 +116,10 @@
prohibitedSubtrees = Collections.emptySet();
isConfigured = false;
+ if (config != null) {
+ config.removeChangeListener(this);
+ }
+ config = null;
}
/**
@@ -131,8 +138,10 @@
allowedSubtrees = policyCfg.getAllowedSubtrees();
prohibitedSubtrees = policyCfg.getProhibitedSubtrees();
- policyCfg.addChangeListener(this);
-
+ if (config == null) {
+ policyCfg.addChangeListener(this);
+ }
+ config = policyCfg;
isConfigured = true;
} else {
resetPolicy();
@@ -286,6 +295,11 @@
// The attributes specified in prohibitedAttributes are not OK
result = (!containsProhibitedAttribute(searchOp.getRawFilter()));
}
+ if (!result) {
+ messages.add(INFO_ERROR_ATTRIBUTE_NOT_ALLOWED.get());
+ return result;
+ }
+
if (!allowedAttributes.isEmpty()) {
// Only the attributes specified in allowedAttributes are OK
result = (containsOnlyAllowedAttributes(searchOp.getRawFilter()));
@@ -328,6 +342,10 @@
result = (!prohibitedAttributes.contains(
compareOp.getRawAttributeType()));
}
+ if (!result) {
+ messages.add(INFO_ERROR_ATTRIBUTE_NOT_ALLOWED.get());
+ return result;
+ }
if (!allowedAttributes.isEmpty()) {
result = (allowedAttributes.contains(compareOp.getRawAttributeType()));
}
@@ -525,7 +543,11 @@
public boolean isConfigurationAddAcceptable(
NetworkGroupRequestFilteringPolicyCfg configuration,
List<Message> unacceptableReasons) {
- return (!isConfigured);
+ if (isConfigured) {
+ return false;
+ }
+ return (isConfigurationChangeAcceptable(configuration,
+ unacceptableReasons));
}
/**
@@ -575,6 +597,29 @@
public boolean isConfigurationChangeAcceptable(
NetworkGroupRequestFilteringPolicyCfg configuration,
List<Message> unacceptableReasons) {
+ if (configuration != null) {
+ // Check that allowed-attributes does not contain any attribute
+ // also configured in prohibited-attributes
+ for (String allowedAttr: configuration.getAllowedAttributes()) {
+ if (configuration.getProhibitedAttributes().contains(allowedAttr)) {
+ unacceptableReasons.add(
+ ERR_CONFIG_NETWORKGROUPREQUESTFILTERINGPOLICY_INVALID_ATTRIBUTE
+ .get(allowedAttr, configuration.dn().toString()));
+ return false;
+ }
+ }
+
+ // Check that allowed-subtrees does not contain any subtree also
+ // configured in prohibited-subtrees
+ for (DN allowedSubtree: configuration.getAllowedSubtrees()) {
+ if (configuration.getProhibitedSubtrees().contains(allowedSubtree)) {
+ unacceptableReasons.add(
+ ERR_CONFIG_NETWORKGROUPREQUESTFILTERINGPOLICY_INVALID_SUBTREE.get(
+ allowedSubtree.toString(), configuration.dn().toString()));
+ return false;
+ }
+ }
+ }
return true;
}
diff --git a/opendj-sdk/opends/src/server/org/opends/server/core/networkgroups/ResourceLimits.java b/opendj-sdk/opends/src/server/org/opends/server/core/networkgroups/ResourceLimits.java
index 04a5d17..6ed1ed7 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/core/networkgroups/ResourceLimits.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/core/networkgroups/ResourceLimits.java
@@ -87,6 +87,9 @@
// The lock for the counter numConnections and the map connectionsPerIpMap
Object connMutex = new Object();
+ // The current configuration
+ private NetworkGroupResourceLimitsCfg config = null;
+
/**
* Constructor.
*
@@ -111,6 +114,10 @@
numConnections = 0;
connectionsPerIpMap = new HashMap<String, Integer>();
isConfigured = false;
+ if (config != null) {
+ config.removeChangeListener(this);
+ config = null;
+ }
}
/**
@@ -131,7 +138,10 @@
minSearchSubstringLength = resourcesCfg.getMinSubstringLength();
connectionsPerIpMap = new HashMap<String, Integer>();
- resourcesCfg.addChangeListener(this);
+ if (config == null) {
+ resourcesCfg.addChangeListener(this);
+ }
+ config = resourcesCfg;
isConfigured = true;
} else {
resetLimits();
--
Gitblit v1.10.0