From 977d282dbf8559470e67cfcc0b4e45c40980edfd Mon Sep 17 00:00:00 2001
From: Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Wed, 22 Oct 2014 10:50:49 +0000
Subject: [PATCH] OPENDJ-1545 Remove Workflow, NetworkGroups and related attempts at building a proxy
---
opendj3-server-dev/src/server/org/opends/server/workflowelement/WorkflowElement.java | 136 +-------------
/dev/null | 249 ---------------------------
opendj3-server-dev/src/server/org/opends/server/workflowelement/WorkflowElementConfigManager.java | 12 -
opendj3-server-dev/src/server/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.java | 54 +++--
opendj3-server-dev/src/server/org/opends/server/core/networkgroups/RequestFilteringPolicy.java | 13 -
opendj3-server-dev/src/server/org/opends/server/core/networkgroups/NetworkGroup.java | 51 -----
opendj3-server-dev/src/server/org/opends/server/core/networkgroups/ResourceLimitsPolicy.java | 11 -
7 files changed, 52 insertions(+), 474 deletions(-)
diff --git a/opendj-config-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/RequestFilteringQOSPolicyConfiguration.xml b/opendj-config-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/RequestFilteringQOSPolicyConfiguration.xml
deleted file mode 100644
index a50e81f..0000000
--- a/opendj-config-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/RequestFilteringQOSPolicyConfiguration.xml
+++ /dev/null
@@ -1,207 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
- ! CDDL HEADER START
- !
- ! The contents of this file are subject to the terms of the
- ! Common Development and Distribution License, Version 1.0 only
- ! (the "License"). You may not use this file except in compliance
- ! with the License.
- !
- ! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
- ! or http://forgerock.org/license/CDDLv1.0.html.
- ! See the License for the specific language governing permissions
- ! and limitations under the License.
- !
- ! When distributing Covered Code, include this CDDL HEADER in each
- ! file and include the License file at legal-notices/CDDLv1_0.txt.
- ! If applicable, add the following below this CDDL HEADER, with the
- ! fields enclosed by brackets "[]" replaced with your own identifying
- ! information:
- ! Portions Copyright [yyyy] [name of copyright owner]
- !
- ! CDDL HEADER END
- !
- !
- ! Copyright 2009 Sun Microsystems, Inc.
- ! -->
-<adm:managed-object name="request-filtering-qos-policy"
- plural-name="request-filtering-qos-policies"
- extends="qos-policy"
- package="org.forgerock.opendj.server.config"
- xmlns:adm="http://opendj.forgerock.org/admin"
- xmlns:ldap="http://opendj.forgerock.org/admin-ldap">
- <adm:synopsis>
- The
- <adm:user-friendly-name/>
- is used to define the type of requests allowed by the server.
- </adm:synopsis>
- <adm:profile name="ldap">
- <ldap:object-class>
- <ldap:name>ds-cfg-request-filtering-qos-policy</ldap:name>
- <ldap:superior>ds-cfg-qos-policy</ldap:superior>
- </ldap:object-class>
- </adm:profile>
- <adm:property-override name="java-class" advanced="true">
- <adm:default-behavior>
- <adm:defined>
- <adm:value>
- org.opends.server.core.networkgroups.RequestFilteringPolicyFactory
- </adm:value>
- </adm:defined>
- </adm:default-behavior>
- </adm:property-override>
- <adm:property name="allowed-operations" multi-valued="true">
- <adm:synopsis>
- Specifies which operations are allowed by the server.
- </adm:synopsis>
- <adm:default-behavior>
- <adm:alias>
- <adm:synopsis>All operations are allowed.</adm:synopsis>
- </adm:alias>
- </adm:default-behavior>
- <adm:syntax>
- <adm:enumeration>
- <adm:value name="add">
- <adm:synopsis>Add operations.</adm:synopsis>
- </adm:value>
- <adm:value name="bind">
- <adm:synopsis>Bind operations.</adm:synopsis>
- </adm:value>
- <adm:value name="compare">
- <adm:synopsis>Compare operations</adm:synopsis>
- </adm:value>
- <adm:value name="delete">
- <adm:synopsis>Delete operations</adm:synopsis>
- </adm:value>
- <adm:value name="extended">
- <adm:synopsis>Extended operations</adm:synopsis>
- </adm:value>
- <adm:value name="inequality-search">
- <adm:synopsis>Inequality Search operations
- </adm:synopsis>
- </adm:value>
- <adm:value name="modify">
- <adm:synopsis>Modify operations</adm:synopsis>
- </adm:value>
- <adm:value name="rename">
- <adm:synopsis>Rename operations</adm:synopsis>
- </adm:value>
- <adm:value name="search">
- <adm:synopsis>Search operations</adm:synopsis>
- </adm:value>
- </adm:enumeration>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-allowed-operations</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="allowed-attributes" multi-valued="true">
- <adm:synopsis>
- Specifies which attributes are allowed in search and
- compare operations.
- </adm:synopsis>
- <adm:default-behavior>
- <adm:alias>
- <adm:synopsis>All non-prohibited attributes.</adm:synopsis>
- </adm:alias>
- </adm:default-behavior>
- <adm:syntax>
- <adm:string/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-allowed-attributes</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="prohibited-attributes" mandatory="false"
- multi-valued="true">
- <adm:synopsis>
- Specifies which attributes are not allowed in search
- and compare operations.
- </adm:synopsis>
- <adm:default-behavior>
- <adm:alias>
- <adm:synopsis>All allowed attributes.</adm:synopsis>
- </adm:alias>
- </adm:default-behavior>
- <adm:syntax>
- <adm:string/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-prohibited-attributes</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="allowed-search-scopes" multi-valued="true">
- <adm:synopsis>
- Specifies which search scopes are allowed by the server.
- </adm:synopsis>
- <adm:default-behavior>
- <adm:alias>
- <adm:synopsis>All search scopes are allowed.</adm:synopsis>
- </adm:alias>
- </adm:default-behavior>
- <adm:syntax>
- <adm:enumeration>
- <adm:value name="base">
- <adm:synopsis>Base-object search.</adm:synopsis>
- </adm:value>
- <adm:value name="one">
- <adm:synopsis>One-level search.</adm:synopsis>
- </adm:value>
- <adm:value name="sub">
- <adm:synopsis>Whole subtree search</adm:synopsis>
- </adm:value>
- <adm:value name="children">
- <adm:synopsis>Subordinate subtree search</adm:synopsis>
- </adm:value>
- </adm:enumeration>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-allowed-search-scopes</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="allowed-subtrees" multi-valued="true">
- <adm:synopsis>
- Specifies which subtrees are accessible to clients.
- </adm:synopsis>
- <adm:default-behavior>
- <adm:alias>
- <adm:synopsis>All non-prohibited subtrees.</adm:synopsis>
- </adm:alias>
- </adm:default-behavior>
- <adm:syntax>
- <adm:dn/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-allowed-subtrees</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="prohibited-subtrees" multi-valued="true">
- <adm:synopsis>
- Specifies which subtrees must be hidden from clients. Each
- prohibited subtree must be subordinate to an allowed subtree.
- </adm:synopsis>
- <adm:default-behavior>
- <adm:alias>
- <adm:synopsis>All allowed subtrees.</adm:synopsis>
- </adm:alias>
- </adm:default-behavior>
- <adm:syntax>
- <adm:dn/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-prohibited-subtrees</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
-</adm:managed-object>
diff --git a/opendj-config-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/ResourceLimitsQOSPolicyConfiguration.xml b/opendj-config-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/ResourceLimitsQOSPolicyConfiguration.xml
deleted file mode 100644
index d35beb3..0000000
--- a/opendj-config-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/ResourceLimitsQOSPolicyConfiguration.xml
+++ /dev/null
@@ -1,274 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
- ! CDDL HEADER START
- !
- ! The contents of this file are subject to the terms of the
- ! Common Development and Distribution License, Version 1.0 only
- ! (the "License"). You may not use this file except in compliance
- ! with the License.
- !
- ! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
- ! or http://forgerock.org/license/CDDLv1.0.html.
- ! See the License for the specific language governing permissions
- ! and limitations under the License.
- !
- ! When distributing Covered Code, include this CDDL HEADER in each
- ! file and include the License file at legal-notices/CDDLv1_0.txt.
- ! If applicable, add the following below this CDDL HEADER, with the
- ! fields enclosed by brackets "[]" replaced with your own identifying
- ! information:
- ! Portions Copyright [yyyy] [name of copyright owner]
- !
- ! CDDL HEADER END
- !
- !
- ! Copyright 2009-2010 Sun Microsystems, Inc.
- ! -->
-<adm:managed-object name="resource-limits-qos-policy"
- plural-name="resource-limits-qos-policies"
- extends="qos-policy"
- package="org.forgerock.opendj.server.config"
- xmlns:adm="http://opendj.forgerock.org/admin"
- xmlns:ldap="http://opendj.forgerock.org/admin-ldap">
- <adm:synopsis>
- The
- <adm:user-friendly-name/>
- are used to define resource limits enforced by the server.
- </adm:synopsis>
- <adm:profile name="ldap">
- <ldap:object-class>
- <ldap:name>ds-cfg-resource-limits-qos-policy</ldap:name>
- <ldap:superior>ds-cfg-qos-policy</ldap:superior>
- </ldap:object-class>
- </adm:profile>
- <adm:property-override name="java-class" advanced="true">
- <adm:default-behavior>
- <adm:defined>
- <adm:value>
- org.opends.server.core.networkgroups.ResourceLimitsPolicyFactory
- </adm:value>
- </adm:defined>
- </adm:default-behavior>
- </adm:property-override>
- <adm:property name="max-connections">
- <adm:TODO>Make use of unlimited.</adm:TODO>
- <adm:synopsis>
- Specifies the maximum number of concurrent client connections
- to the server.
- </adm:synopsis>
- <adm:description>
- A value of 0 means that no limit is enforced.
- </adm:description>
- <adm:default-behavior>
- <adm:defined>
- <adm:value>0</adm:value>
- </adm:defined>
- </adm:default-behavior>
- <adm:syntax>
- <adm:integer lower-limit="0"/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-max-connections</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="max-connections-from-same-ip">
- <adm:TODO>Make use of unlimited.</adm:TODO>
- <adm:synopsis>
- Specifies the maximum number of client connections from the
- same source address.
- </adm:synopsis>
- <adm:description>
- A value of 0 means that no limit is enforced.
- </adm:description>
- <adm:default-behavior>
- <adm:defined>
- <adm:value>0</adm:value>
- </adm:defined>
- </adm:default-behavior>
- <adm:syntax>
- <adm:integer lower-limit="0"/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-max-connections-from-same-ip</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="max-ops-per-connection">
- <adm:TODO>Make use of unlimited.</adm:TODO>
- <adm:synopsis>
- Specifies the maximum number of operations per
- client connection.
- </adm:synopsis>
- <adm:description>
- A value of 0 means that no limit is enforced.
- </adm:description>
- <adm:default-behavior>
- <adm:defined>
- <adm:value>0</adm:value>
- </adm:defined>
- </adm:default-behavior>
- <adm:syntax>
- <adm:integer lower-limit="0"/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-max-ops-per-connection</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="max-concurrent-ops-per-connection">
- <adm:TODO>Make use of unlimited.</adm:TODO>
- <adm:synopsis>
- Specifies the maximum number of concurrent operations
- per client connection.
- </adm:synopsis>
- <adm:description>
- A value of 0 means that no limit is enforced.
- </adm:description>
- <adm:default-behavior>
- <adm:defined>
- <adm:value>0</adm:value>
- </adm:defined>
- </adm:default-behavior>
- <adm:syntax>
- <adm:integer lower-limit="0"/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-max-concurrent-ops-per-connection</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="size-limit">
- <adm:TODO>Make use of unlimited.</adm:TODO>
- <adm:synopsis>
- Specifies the maximum number of entries that can be returned
- to the client during a single search operation.
- </adm:synopsis>
- <adm:description>
- A value of 0 indicates that no size limit is enforced. Note
- that this is the default for the server, but it may be
- overridden on a per-user basis using the ds-rlim-size-limit
- operational attribute.
- </adm:description>
- <adm:default-behavior>
- <adm:inherited>
- <adm:absolute property-name="size-limit"
- path="/relation=global-configuration"/>
- </adm:inherited>
- </adm:default-behavior>
- <adm:syntax>
- <adm:integer lower-limit="0"/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-size-limit</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="time-limit">
- <adm:TODO>Make use of unlimited.</adm:TODO>
- <adm:synopsis>
- Specifies the maximum length of time that should be spent processing
- a search operation.
- </adm:synopsis>
- <adm:description>
- A value of 0 seconds indicates that no time limit is
- enforced. Note that this is the default for the server,
- but it may be overridden on a per-user basis using the
- ds-rlim-time-limit operational attribute.
- </adm:description>
- <adm:default-behavior>
- <adm:inherited>
- <adm:absolute property-name="time-limit"
- path="/relation=global-configuration"/>
- </adm:inherited>
- </adm:default-behavior>
- <adm:syntax>
- <adm:duration base-unit="s" lower-limit="0"/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-time-limit</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="min-substring-length">
- <adm:TODO>Make use of unlimited.</adm:TODO>
- <adm:synopsis>
- Specifies the minimum length for a search filter substring.
- </adm:synopsis>
- <adm:description>
- Search operations with short search filter substring are
- likely to match a high number of entries and might degrade
- performance overall. A value of 0 indicates that no limit is
- enforced.
- </adm:description>
- <adm:default-behavior>
- <adm:defined>
- <adm:value>0</adm:value>
- </adm:defined>
- </adm:default-behavior>
- <adm:syntax>
- <adm:integer lower-limit="0"/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-min-substring-length</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="max-ops-per-interval">
- <adm:synopsis>
- Specifies the maximum number of operations that can take place on
- the same network group during the specified interval.
- </adm:synopsis>
- <adm:description>
- When the maximum number of operations per interval is reached, all
- subsequent operations on the same network group are refused until the
- end of the time interval. This parameter allows to limit the throughput
- on the network group.
- A value of 0 indicates that no limit is enforced.
- </adm:description>
- <adm:default-behavior>
- <adm:defined>
- <adm:value>0</adm:value>
- </adm:defined>
- </adm:default-behavior>
- <adm:syntax>
- <adm:integer lower-limit="0"/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-max-ops-per-interval</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="max-ops-interval">
- <adm:synopsis>
- Specifies the interval during which the number of operations is limited.
- </adm:synopsis>
- <adm:description>
- When the maximum number of operations per interval is reached, all
- subsequent operations on the same network group are refused until the
- end of the time interval. This parameter allows to limit the throughput
- on the network group.
- </adm:description>
- <adm:default-behavior>
- <adm:defined>
- <adm:value>1s</adm:value>
- </adm:defined>
- </adm:default-behavior>
- <adm:syntax>
- <adm:duration base-unit="ms" lower-limit="1"/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-max-ops-interval</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
-</adm:managed-object>
diff --git a/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/RequestFilteringQOSPolicyConfiguration.xml b/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/RequestFilteringQOSPolicyConfiguration.xml
deleted file mode 100644
index 49a3bb5..0000000
--- a/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/RequestFilteringQOSPolicyConfiguration.xml
+++ /dev/null
@@ -1,207 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
- ! CDDL HEADER START
- !
- ! The contents of this file are subject to the terms of the
- ! Common Development and Distribution License, Version 1.0 only
- ! (the "License"). You may not use this file except in compliance
- ! with the License.
- !
- ! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
- ! or http://forgerock.org/license/CDDLv1.0.html.
- ! See the License for the specific language governing permissions
- ! and limitations under the License.
- !
- ! When distributing Covered Code, include this CDDL HEADER in each
- ! file and include the License file at legal-notices/CDDLv1_0.txt.
- ! If applicable, add the following below this CDDL HEADER, with the
- ! fields enclosed by brackets "[]" replaced with your own identifying
- ! information:
- ! Portions Copyright [yyyy] [name of copyright owner]
- !
- ! CDDL HEADER END
- !
- !
- ! Copyright 2009 Sun Microsystems, Inc.
- ! -->
-<adm:managed-object name="request-filtering-qos-policy"
- plural-name="request-filtering-qos-policies"
- extends="qos-policy"
- package="org.opends.server.admin.std"
- xmlns:adm="http://www.opends.org/admin"
- xmlns:ldap="http://www.opends.org/admin-ldap">
- <adm:synopsis>
- The
- <adm:user-friendly-name/>
- is used to define the type of requests allowed by the server.
- </adm:synopsis>
- <adm:profile name="ldap">
- <ldap:object-class>
- <ldap:name>ds-cfg-request-filtering-qos-policy</ldap:name>
- <ldap:superior>ds-cfg-qos-policy</ldap:superior>
- </ldap:object-class>
- </adm:profile>
- <adm:property-override name="java-class" advanced="true">
- <adm:default-behavior>
- <adm:defined>
- <adm:value>
- org.opends.server.core.networkgroups.RequestFilteringPolicyFactory
- </adm:value>
- </adm:defined>
- </adm:default-behavior>
- </adm:property-override>
- <adm:property name="allowed-operations" multi-valued="true">
- <adm:synopsis>
- Specifies which operations are allowed by the server.
- </adm:synopsis>
- <adm:default-behavior>
- <adm:alias>
- <adm:synopsis>All operations are allowed.</adm:synopsis>
- </adm:alias>
- </adm:default-behavior>
- <adm:syntax>
- <adm:enumeration>
- <adm:value name="add">
- <adm:synopsis>Add operations.</adm:synopsis>
- </adm:value>
- <adm:value name="bind">
- <adm:synopsis>Bind operations.</adm:synopsis>
- </adm:value>
- <adm:value name="compare">
- <adm:synopsis>Compare operations</adm:synopsis>
- </adm:value>
- <adm:value name="delete">
- <adm:synopsis>Delete operations</adm:synopsis>
- </adm:value>
- <adm:value name="extended">
- <adm:synopsis>Extended operations</adm:synopsis>
- </adm:value>
- <adm:value name="inequality-search">
- <adm:synopsis>Inequality Search operations
- </adm:synopsis>
- </adm:value>
- <adm:value name="modify">
- <adm:synopsis>Modify operations</adm:synopsis>
- </adm:value>
- <adm:value name="rename">
- <adm:synopsis>Rename operations</adm:synopsis>
- </adm:value>
- <adm:value name="search">
- <adm:synopsis>Search operations</adm:synopsis>
- </adm:value>
- </adm:enumeration>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-allowed-operations</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="allowed-attributes" multi-valued="true">
- <adm:synopsis>
- Specifies which attributes are allowed in search and
- compare operations.
- </adm:synopsis>
- <adm:default-behavior>
- <adm:alias>
- <adm:synopsis>All non-prohibited attributes.</adm:synopsis>
- </adm:alias>
- </adm:default-behavior>
- <adm:syntax>
- <adm:string/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-allowed-attributes</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="prohibited-attributes" mandatory="false"
- multi-valued="true">
- <adm:synopsis>
- Specifies which attributes are not allowed in search
- and compare operations.
- </adm:synopsis>
- <adm:default-behavior>
- <adm:alias>
- <adm:synopsis>All allowed attributes.</adm:synopsis>
- </adm:alias>
- </adm:default-behavior>
- <adm:syntax>
- <adm:string/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-prohibited-attributes</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="allowed-search-scopes" multi-valued="true">
- <adm:synopsis>
- Specifies which search scopes are allowed by the server.
- </adm:synopsis>
- <adm:default-behavior>
- <adm:alias>
- <adm:synopsis>All search scopes are allowed.</adm:synopsis>
- </adm:alias>
- </adm:default-behavior>
- <adm:syntax>
- <adm:enumeration>
- <adm:value name="base">
- <adm:synopsis>Base-object search.</adm:synopsis>
- </adm:value>
- <adm:value name="one">
- <adm:synopsis>One-level search.</adm:synopsis>
- </adm:value>
- <adm:value name="sub">
- <adm:synopsis>Whole subtree search</adm:synopsis>
- </adm:value>
- <adm:value name="children">
- <adm:synopsis>Subordinate subtree search</adm:synopsis>
- </adm:value>
- </adm:enumeration>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-allowed-search-scopes</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="allowed-subtrees" multi-valued="true">
- <adm:synopsis>
- Specifies which subtrees are accessible to clients.
- </adm:synopsis>
- <adm:default-behavior>
- <adm:alias>
- <adm:synopsis>All non-prohibited subtrees.</adm:synopsis>
- </adm:alias>
- </adm:default-behavior>
- <adm:syntax>
- <adm:dn/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-allowed-subtrees</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="prohibited-subtrees" multi-valued="true">
- <adm:synopsis>
- Specifies which subtrees must be hidden from clients. Each
- prohibited subtree must be subordinate to an allowed subtree.
- </adm:synopsis>
- <adm:default-behavior>
- <adm:alias>
- <adm:synopsis>All allowed subtrees.</adm:synopsis>
- </adm:alias>
- </adm:default-behavior>
- <adm:syntax>
- <adm:dn/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-prohibited-subtrees</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
-</adm:managed-object>
diff --git a/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/ResourceLimitsQOSPolicyConfiguration.xml b/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/ResourceLimitsQOSPolicyConfiguration.xml
deleted file mode 100644
index aea9111..0000000
--- a/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/ResourceLimitsQOSPolicyConfiguration.xml
+++ /dev/null
@@ -1,274 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
- ! CDDL HEADER START
- !
- ! The contents of this file are subject to the terms of the
- ! Common Development and Distribution License, Version 1.0 only
- ! (the "License"). You may not use this file except in compliance
- ! with the License.
- !
- ! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
- ! or http://forgerock.org/license/CDDLv1.0.html.
- ! See the License for the specific language governing permissions
- ! and limitations under the License.
- !
- ! When distributing Covered Code, include this CDDL HEADER in each
- ! file and include the License file at legal-notices/CDDLv1_0.txt.
- ! If applicable, add the following below this CDDL HEADER, with the
- ! fields enclosed by brackets "[]" replaced with your own identifying
- ! information:
- ! Portions Copyright [yyyy] [name of copyright owner]
- !
- ! CDDL HEADER END
- !
- !
- ! Copyright 2009-2010 Sun Microsystems, Inc.
- ! -->
-<adm:managed-object name="resource-limits-qos-policy"
- plural-name="resource-limits-qos-policies"
- extends="qos-policy"
- package="org.opends.server.admin.std"
- xmlns:adm="http://www.opends.org/admin"
- xmlns:ldap="http://www.opends.org/admin-ldap">
- <adm:synopsis>
- The
- <adm:user-friendly-name/>
- are used to define resource limits enforced by the server.
- </adm:synopsis>
- <adm:profile name="ldap">
- <ldap:object-class>
- <ldap:name>ds-cfg-resource-limits-qos-policy</ldap:name>
- <ldap:superior>ds-cfg-qos-policy</ldap:superior>
- </ldap:object-class>
- </adm:profile>
- <adm:property-override name="java-class" advanced="true">
- <adm:default-behavior>
- <adm:defined>
- <adm:value>
- org.opends.server.core.networkgroups.ResourceLimitsPolicyFactory
- </adm:value>
- </adm:defined>
- </adm:default-behavior>
- </adm:property-override>
- <adm:property name="max-connections">
- <adm:TODO>Make use of unlimited.</adm:TODO>
- <adm:synopsis>
- Specifies the maximum number of concurrent client connections
- to the server.
- </adm:synopsis>
- <adm:description>
- A value of 0 means that no limit is enforced.
- </adm:description>
- <adm:default-behavior>
- <adm:defined>
- <adm:value>0</adm:value>
- </adm:defined>
- </adm:default-behavior>
- <adm:syntax>
- <adm:integer lower-limit="0"/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-max-connections</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="max-connections-from-same-ip">
- <adm:TODO>Make use of unlimited.</adm:TODO>
- <adm:synopsis>
- Specifies the maximum number of client connections from the
- same source address.
- </adm:synopsis>
- <adm:description>
- A value of 0 means that no limit is enforced.
- </adm:description>
- <adm:default-behavior>
- <adm:defined>
- <adm:value>0</adm:value>
- </adm:defined>
- </adm:default-behavior>
- <adm:syntax>
- <adm:integer lower-limit="0"/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-max-connections-from-same-ip</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="max-ops-per-connection">
- <adm:TODO>Make use of unlimited.</adm:TODO>
- <adm:synopsis>
- Specifies the maximum number of operations per
- client connection.
- </adm:synopsis>
- <adm:description>
- A value of 0 means that no limit is enforced.
- </adm:description>
- <adm:default-behavior>
- <adm:defined>
- <adm:value>0</adm:value>
- </adm:defined>
- </adm:default-behavior>
- <adm:syntax>
- <adm:integer lower-limit="0"/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-max-ops-per-connection</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="max-concurrent-ops-per-connection">
- <adm:TODO>Make use of unlimited.</adm:TODO>
- <adm:synopsis>
- Specifies the maximum number of concurrent operations
- per client connection.
- </adm:synopsis>
- <adm:description>
- A value of 0 means that no limit is enforced.
- </adm:description>
- <adm:default-behavior>
- <adm:defined>
- <adm:value>0</adm:value>
- </adm:defined>
- </adm:default-behavior>
- <adm:syntax>
- <adm:integer lower-limit="0"/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-max-concurrent-ops-per-connection</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="size-limit">
- <adm:TODO>Make use of unlimited.</adm:TODO>
- <adm:synopsis>
- Specifies the maximum number of entries that can be returned
- to the client during a single search operation.
- </adm:synopsis>
- <adm:description>
- A value of 0 indicates that no size limit is enforced. Note
- that this is the default for the server, but it may be
- overridden on a per-user basis using the ds-rlim-size-limit
- operational attribute.
- </adm:description>
- <adm:default-behavior>
- <adm:inherited>
- <adm:absolute property-name="size-limit"
- path="/relation=global-configuration"/>
- </adm:inherited>
- </adm:default-behavior>
- <adm:syntax>
- <adm:integer lower-limit="0"/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-size-limit</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="time-limit">
- <adm:TODO>Make use of unlimited.</adm:TODO>
- <adm:synopsis>
- Specifies the maximum length of time that should be spent processing
- a search operation.
- </adm:synopsis>
- <adm:description>
- A value of 0 seconds indicates that no time limit is
- enforced. Note that this is the default for the server,
- but it may be overridden on a per-user basis using the
- ds-rlim-time-limit operational attribute.
- </adm:description>
- <adm:default-behavior>
- <adm:inherited>
- <adm:absolute property-name="time-limit"
- path="/relation=global-configuration"/>
- </adm:inherited>
- </adm:default-behavior>
- <adm:syntax>
- <adm:duration base-unit="s" lower-limit="0"/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-time-limit</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="min-substring-length">
- <adm:TODO>Make use of unlimited.</adm:TODO>
- <adm:synopsis>
- Specifies the minimum length for a search filter substring.
- </adm:synopsis>
- <adm:description>
- Search operations with short search filter substring are
- likely to match a high number of entries and might degrade
- performance overall. A value of 0 indicates that no limit is
- enforced.
- </adm:description>
- <adm:default-behavior>
- <adm:defined>
- <adm:value>0</adm:value>
- </adm:defined>
- </adm:default-behavior>
- <adm:syntax>
- <adm:integer lower-limit="0"/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-min-substring-length</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="max-ops-per-interval">
- <adm:synopsis>
- Specifies the maximum number of operations that can take place on
- the same network group during the specified interval.
- </adm:synopsis>
- <adm:description>
- When the maximum number of operations per interval is reached, all
- subsequent operations on the same network group are refused until the
- end of the time interval. This parameter allows to limit the throughput
- on the network group.
- A value of 0 indicates that no limit is enforced.
- </adm:description>
- <adm:default-behavior>
- <adm:defined>
- <adm:value>0</adm:value>
- </adm:defined>
- </adm:default-behavior>
- <adm:syntax>
- <adm:integer lower-limit="0"/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-max-ops-per-interval</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="max-ops-interval">
- <adm:synopsis>
- Specifies the interval during which the number of operations is limited.
- </adm:synopsis>
- <adm:description>
- When the maximum number of operations per interval is reached, all
- subsequent operations on the same network group are refused until the
- end of the time interval. This parameter allows to limit the throughput
- on the network group.
- </adm:description>
- <adm:default-behavior>
- <adm:defined>
- <adm:value>1s</adm:value>
- </adm:defined>
- </adm:default-behavior>
- <adm:syntax>
- <adm:duration base-unit="ms" lower-limit="1"/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-max-ops-interval</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
-</adm:managed-object>
diff --git a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/NetworkGroup.java b/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/NetworkGroup.java
index 99d0dd5..bf05f4f 100644
--- a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/NetworkGroup.java
+++ b/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/NetworkGroup.java
@@ -431,7 +431,7 @@
* The network group ID.
* @return The network group, of <code>null</code> if no match was found.
*/
- public static NetworkGroup getNetworkGroup(String networkGroupID)
+ static NetworkGroup getNetworkGroup(String networkGroupID)
{
return registeredNetworkGroups.get(networkGroupID);
}
@@ -1038,7 +1038,7 @@
* group is unloaded. No action is taken in the default
* implementation.
*/
- public void finalizeNetworkGroup()
+ void finalizeNetworkGroup()
{
if (configuration != null)
{
@@ -1125,7 +1125,7 @@
* the specified class, or <code>null</code> if none was
* found.
*/
- public <T extends QOSPolicy> T getNetworkGroupQOSPolicy(Class<T> clazz)
+ <T extends QOSPolicy> T getNetworkGroupQOSPolicy(Class<T> clazz)
{
for (QOSPolicy policy : policies.values())
{
@@ -1134,7 +1134,6 @@
return clazz.cast(policy);
}
}
-
return null;
}
@@ -1301,50 +1300,6 @@
}
}
-
-
- /**
- * Returns the request filtering policy statistics associated with
- * this network group.
- *
- * @return The request filtering policy statistics associated with
- * this network group.
- */
- RequestFilteringPolicyStatistics getRequestFilteringPolicyStatistics()
- {
- if (requestFilteringPolicy != null)
- {
- return requestFilteringPolicy.getStatistics();
- }
- else
- {
- return null;
- }
- }
-
-
-
- /**
- * Returns the resource limits policy statistics associated with this
- * network group.
- *
- * @return The resource limits policy statistics associated with this
- * network group.
- */
- ResourceLimitsPolicyStatistics getResourceLimitsPolicyStatistics()
- {
- if (resourceLimitsPolicy != null)
- {
- return resourceLimitsPolicy.getStatistics();
- }
- else
- {
- return null;
- }
- }
-
-
-
/**
* Registers the current network group (this) with the server.
* <p>
diff --git a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/RequestFilteringPolicy.java b/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/RequestFilteringPolicy.java
index eca9302..632b4e8 100644
--- a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/RequestFilteringPolicy.java
+++ b/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/RequestFilteringPolicy.java
@@ -50,19 +50,6 @@
// No implementation required.
}
-
-
- /**
- * Returns the statistics associated with this request filtering
- * policy.
- *
- * @return The statistics associated with this request filtering
- * policy.
- */
- abstract RequestFilteringPolicyStatistics getStatistics();
-
-
-
/**
* Determines if the provided operation is allowed according to this
* request filtering policy.
diff --git a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/RequestFilteringPolicyFactory.java b/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/RequestFilteringPolicyFactory.java
deleted file mode 100644
index f67a251..0000000
--- a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/RequestFilteringPolicyFactory.java
+++ /dev/null
@@ -1,669 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
- * or http://forgerock.org/license/CDDLv1.0.html.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at legal-notices/CDDLv1_0.txt.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information:
- * Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- *
- *
- * Copyright 2009 Sun Microsystems, Inc.
- * Portions Copyright 2014 ForgeRock AS
- */
-package org.opends.server.core.networkgroups;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
-
-import org.forgerock.i18n.LocalizableMessage;
-import org.opends.server.admin.server.ConfigurationChangeListener;
-import org.opends.server.admin.std.meta.RequestFilteringQOSPolicyCfgDefn.AllowedOperations;
-import org.opends.server.admin.std.meta.RequestFilteringQOSPolicyCfgDefn.AllowedSearchScopes;
-import org.opends.server.admin.std.server.RequestFilteringQOSPolicyCfg;
-import org.opends.server.api.QOSPolicyFactory;
-import org.forgerock.opendj.config.server.ConfigException;
-import org.opends.server.types.ConfigChangeResult;
-import org.opends.server.types.DN;
-import org.opends.server.types.DirectoryException;
-import org.opends.server.types.InitializationException;
-import org.opends.server.types.OperationType;
-import org.opends.server.types.RawFilter;
-import org.forgerock.opendj.ldap.ResultCode;
-import org.opends.server.types.operation.PreParseAddOperation;
-import org.opends.server.types.operation.PreParseCompareOperation;
-import org.opends.server.types.operation.PreParseDeleteOperation;
-import org.opends.server.types.operation.PreParseModifyDNOperation;
-import org.opends.server.types.operation.PreParseModifyOperation;
-import org.opends.server.types.operation.PreParseOperation;
-import org.opends.server.types.operation.PreParseSearchOperation;
-
-import static org.opends.messages.ConfigMessages.*;
-import static org.opends.messages.CoreMessages.*;
-
-/**
- * This class defines a factory for creating user configurable request
- * filtering policies.
- */
-public final class RequestFilteringPolicyFactory implements
- QOSPolicyFactory<RequestFilteringQOSPolicyCfg>
-{
-
- /**
- * Policy implementation.
- */
- private static final class Policy extends RequestFilteringPolicy
- implements
- ConfigurationChangeListener<RequestFilteringQOSPolicyCfg>
- {
-
- // The list of allowed attributes
- private Set<String> allowedAttributes = null;
-
- // The list of allowed operations
- private Set<AllowedOperations> allowedOperations = null;
-
- // The list of allowed search scopes
- private Set<AllowedSearchScopes> allowedSearchScopes = null;
-
- // The list of allowed subtrees
- private Set<DN> allowedSubtrees = null;
-
- // The list of prohibited attributes
- private Set<String> prohibitedAttributes = null;
-
- // The list of prohibited subtrees
- private Set<DN> prohibitedSubtrees = null;
-
- // The statistics for the request filtering policy
- private final RequestFilteringPolicyStatistics statistics =
- new RequestFilteringPolicyStatistics();
-
-
-
- /**
- * Creates a new request filtering policy.
- */
- private Policy()
- {
- // Nothing to do.
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- @Override
- public ConfigChangeResult applyConfigurationChange(
- RequestFilteringQOSPolicyCfg configuration)
- {
- ResultCode resultCode = ResultCode.SUCCESS;
- boolean adminActionRequired = false;
- ArrayList<LocalizableMessage> messages = new ArrayList<LocalizableMessage>();
-
- // Save the configuration.
- updateConfiguration(configuration);
-
- return new ConfigChangeResult(resultCode, adminActionRequired,
- messages);
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- @Override
- public boolean isConfigurationChangeAcceptable(
- RequestFilteringQOSPolicyCfg configuration,
- List<LocalizableMessage> unacceptableReasons)
- {
- return RequestFilteringPolicyFactory.validateConfiguration(
- configuration, unacceptableReasons);
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- @Override
- RequestFilteringPolicyStatistics getStatistics()
- {
- return statistics;
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- @Override
- boolean isAllowed(PreParseOperation operation,
- List<LocalizableMessage> messages)
- {
- boolean allowRequest = true;
-
- // Check the allowed operations
- if (!allowedOperations.isEmpty())
- {
- switch (operation.getOperationType())
- {
- case ABANDON:
- allowRequest = true;
- break;
- case ADD:
- allowRequest =
- allowedOperations.contains(AllowedOperations.ADD);
- break;
- case BIND:
- allowRequest =
- allowedOperations.contains(AllowedOperations.BIND);
- break;
- case COMPARE:
- allowRequest =
- allowedOperations.contains(AllowedOperations.COMPARE);
- break;
- case DELETE:
- allowRequest =
- allowedOperations.contains(AllowedOperations.DELETE);
- break;
- case EXTENDED:
- allowRequest =
- allowedOperations.contains(AllowedOperations.EXTENDED);
- break;
- case MODIFY:
- allowRequest =
- allowedOperations.contains(AllowedOperations.MODIFY);
- break;
- case MODIFY_DN:
- allowRequest =
- allowedOperations.contains(AllowedOperations.RENAME);
- break;
- case SEARCH:
- allowRequest =
- allowedOperations.contains(AllowedOperations.SEARCH);
-
- // If inequality search are prohibited, need to check
- if (allowRequest
- && !allowedOperations
- .contains(AllowedOperations.INEQUALITY_SEARCH))
- {
- RawFilter flt =
- ((PreParseSearchOperation) operation).getRawFilter();
- allowRequest = !containsInequalitySearch(flt);
- }
- break;
- case UNBIND:
- allowRequest = true;
- break;
- }
-
- if (!allowRequest)
- {
- statistics.updateRejectedOperations();
- messages.add(INFO_ERROR_OPERATION_NOT_ALLOWED.get());
- return allowRequest;
- }
- }
-
- // For search operations:
- if (operation.getOperationType().equals(OperationType.SEARCH))
- {
- PreParseSearchOperation searchOp =
- (PreParseSearchOperation) operation;
-
- // Check the allowed/prohibited attributes in search filter
- if (!prohibitedAttributes.isEmpty())
- {
- // The attributes specified in prohibitedAttributes are not OK
- allowRequest =
- !containsProhibitedAttribute(searchOp.getRawFilter());
- }
-
- if (!allowRequest)
- {
- statistics.updateRejectedAttributes();
- messages.add(INFO_ERROR_ATTRIBUTE_NOT_ALLOWED.get());
- return allowRequest;
- }
-
- if (!allowedAttributes.isEmpty())
- {
- // Only the attributes specified in allowedAttributes are OK
- allowRequest =
- containsOnlyAllowedAttributes(searchOp.getRawFilter());
- }
-
- if (!allowRequest)
- {
- statistics.updateRejectedAttributes();
- messages.add(INFO_ERROR_ATTRIBUTE_NOT_ALLOWED.get());
- return allowRequest;
- }
-
- // Check the search scope
- if (!allowedSearchScopes.isEmpty())
- {
- switch (searchOp.getScope().asEnum())
- {
- case BASE_OBJECT:
- allowRequest =
- allowedSearchScopes.contains(AllowedSearchScopes.BASE);
- break;
- case SINGLE_LEVEL:
- allowRequest =
- allowedSearchScopes.contains(AllowedSearchScopes.ONE);
- break;
- case WHOLE_SUBTREE:
- allowRequest =
- allowedSearchScopes.contains(AllowedSearchScopes.SUB);
- break;
- case SUBORDINATES:
- allowRequest =
- allowedSearchScopes
- .contains(AllowedSearchScopes.CHILDREN);
- break;
- }
-
- if (!allowRequest)
- {
- statistics.updateRejectedScopes();
- messages.add(INFO_ERROR_SEARCH_SCOPE_NOT_ALLOWED.get());
- return allowRequest;
- }
- }
- }
-
- // For compare operation
- if (operation.getOperationType().equals(OperationType.COMPARE))
- {
- PreParseCompareOperation compareOp =
- (PreParseCompareOperation) operation;
-
- // Check the allowed/prohibited attributes
- if (!prohibitedAttributes.isEmpty())
- {
- allowRequest =
- !prohibitedAttributes.contains(compareOp
- .getRawAttributeType());
- }
-
- if (!allowRequest)
- {
- statistics.updateRejectedAttributes();
- messages.add(INFO_ERROR_ATTRIBUTE_NOT_ALLOWED.get());
- return allowRequest;
- }
-
- if (!allowedAttributes.isEmpty())
- {
- allowRequest =
- allowedAttributes.contains(compareOp
- .getRawAttributeType());
- }
-
- if (!allowRequest)
- {
- statistics.updateRejectedAttributes();
- messages.add(INFO_ERROR_ATTRIBUTE_NOT_ALLOWED.get());
- return allowRequest;
- }
- }
-
- DN entryDN = null;
- DN newEntryDN = null;
-
- try
- {
- switch (operation.getOperationType())
- {
- case ADD:
- entryDN =
- DN.decode(((PreParseAddOperation) operation)
- .getRawEntryDN());
- break;
- case COMPARE:
- entryDN =
- DN.decode(((PreParseCompareOperation) operation)
- .getRawEntryDN());
- break;
- case DELETE:
- entryDN =
- DN.decode(((PreParseDeleteOperation) operation)
- .getRawEntryDN());
- break;
- case EXTENDED:
- break;
- case MODIFY:
- entryDN =
- DN.decode(((PreParseModifyOperation) operation)
- .getRawEntryDN());
- break;
- case MODIFY_DN:
- entryDN =
- DN.decode(((PreParseModifyDNOperation) operation)
- .getRawEntryDN());
- newEntryDN =
- DN.decode(((PreParseModifyDNOperation) operation)
- .getRawNewRDN());
- break;
- case SEARCH:
- entryDN =
- DN.decode(((PreParseSearchOperation) operation)
- .getRawBaseDN());
- break;
- default:
- break;
- }
-
- if (entryDN != null)
- {
- allowRequest =
- isInAllowedSubtrees(entryDN)
- && !isInProhibitedSubtrees(entryDN);
- }
-
- if (newEntryDN != null)
- {
- allowRequest =
- isInAllowedSubtrees(newEntryDN)
- && !isInProhibitedSubtrees(newEntryDN);
- }
- }
- catch (DirectoryException e)
- {
- // Invalid DN - reject the request.
- allowRequest = true;
- }
-
- if (!allowRequest)
- {
- statistics.updateRejectedSubtrees();
- messages.add(INFO_ERROR_SUBTREE_NOT_ALLOWED.get());
- return allowRequest;
- }
-
- return true;
-
- }
-
-
-
- /**
- * Checks whether a filter contains an inequality search filter
- * (i.e. either a greater_or_equal or a less_or_equal filter).
- *
- * @param filter
- * The filter to be tested
- * @return boolean indicating whether the filter contains an
- * inequality search filter
- */
- private boolean containsInequalitySearch(RawFilter filter)
- {
- switch (filter.getFilterType())
- {
- case AND:
- case OR:
- ArrayList<RawFilter> filterComponents =
- filter.getFilterComponents();
- if (filterComponents != null)
- {
- for (RawFilter element : filterComponents)
- {
- if (containsInequalitySearch(element))
- {
- return true;
- }
- }
- }
- return false;
- case NOT:
- return containsInequalitySearch(filter.getNOTComponent());
- case GREATER_OR_EQUAL:
- case LESS_OR_EQUAL:
- return true;
- default:
- return false;
- }
-
- }
-
-
-
- /**
- * Checks whether a filter contains unallowed attributes.
- *
- * @param filter
- * The filter to be tested
- * @return boolean indicating whether the filter contains at least
- * one attribute which is not in the allowed list
- */
- private boolean containsOnlyAllowedAttributes(RawFilter filter)
- {
- switch (filter.getFilterType())
- {
- case AND:
- case OR:
- ArrayList<RawFilter> filterComponents =
- filter.getFilterComponents();
- if (filterComponents != null)
- {
- for (RawFilter element : filterComponents)
- {
- if (!containsOnlyAllowedAttributes(element))
- {
- return false;
- }
- }
- }
- return true;
- case NOT:
- return containsOnlyAllowedAttributes(filter.getNOTComponent());
- default:
- return allowedAttributes.contains(filter.getAttributeType());
- }
- }
-
-
-
- /**
- * Checks whether a filter contains one of the prohibited
- * attributes.
- *
- * @param filter
- * The filter to be tested
- * @return boolean indicating whether the filter contains at least
- * one of the prohibited attributes
- */
- private boolean containsProhibitedAttribute(RawFilter filter)
- {
- switch (filter.getFilterType())
- {
- case AND:
- case OR:
- ArrayList<RawFilter> filterComponents =
- filter.getFilterComponents();
- if (filterComponents != null)
- {
- for (RawFilter element : filterComponents)
- {
- if (containsProhibitedAttribute(element))
- {
- return true;
- }
- }
- }
- return false;
- case NOT:
- return containsProhibitedAttribute(filter.getNOTComponent());
- default:
- return prohibitedAttributes.contains(filter.getAttributeType());
- }
- }
-
-
-
- /**
- * Checks whether a DN is in a branch of the allowed subtrees.
- *
- * @param dn
- * The DN to be tested
- * @return boolean indicating whether the dn is in a branch of the
- * allowed subtrees
- */
- private boolean isInAllowedSubtrees(DN dn)
- {
- boolean result = false;
- // If the variable is not set, consider allowedSubtrees = rootDSE
- if (allowedSubtrees.isEmpty())
- {
- return true;
- }
- for (DN branch : allowedSubtrees)
- {
- if (dn.isDescendantOf(branch))
- {
- result = true;
- break;
- }
- }
- return result;
- }
-
-
-
- /**
- * Checks whether a DN is in a branch of the prohibited subtrees.
- *
- * @param dn
- * The Dn to be tested
- * @return boolean indicating whether the dn is in a branch of the
- * prohibited subtrees
- */
- private boolean isInProhibitedSubtrees(DN dn)
- {
- boolean result = false;
- for (DN branch : prohibitedSubtrees)
- {
- if (dn.isDescendantOf(branch))
- {
- result = true;
- break;
- }
- }
- return result;
- }
-
-
-
- // Updates this policy's configuration.
- private void updateConfiguration(
- RequestFilteringQOSPolicyCfg configuration)
- {
- this.allowedOperations = configuration.getAllowedOperations();
- this.allowedAttributes = configuration.getAllowedAttributes();
- this.prohibitedAttributes =
- configuration.getProhibitedAttributes();
- this.allowedSearchScopes = configuration.getAllowedSearchScopes();
- this.allowedSubtrees = configuration.getAllowedSubtrees();
- this.prohibitedSubtrees = configuration.getProhibitedSubtrees();
- }
- }
-
-
-
- // Validates a configuration.
- private static boolean validateConfiguration(
- RequestFilteringQOSPolicyCfg configuration,
- List<LocalizableMessage> unacceptableReasons)
- {
- // Check that allowed-attributes does not contain any attribute
- // also configured in prohibited-attributes
- for (String allowedAttr : configuration.getAllowedAttributes())
- {
- if (configuration.getProhibitedAttributes().contains(allowedAttr))
- {
- unacceptableReasons
- .add(ERR_CONFIG_NETWORKGROUPREQUESTFILTERINGPOLICY_INVALID_ATTRIBUTE
- .get(allowedAttr, configuration.dn()));
- return false;
- }
- }
-
- // Check that allowed-subtrees does not contain any subtree also
- // configured in prohibited-subtrees
- for (DN allowedSubtree : configuration.getAllowedSubtrees())
- {
- if (configuration.getProhibitedSubtrees()
- .contains(allowedSubtree))
- {
- unacceptableReasons
- .add(ERR_CONFIG_NETWORKGROUPREQUESTFILTERINGPOLICY_INVALID_SUBTREE
- .get(allowedSubtree, configuration.dn()));
- return false;
- }
- }
-
- return true;
- }
-
-
-
- /**
- * Creates a new request filtering policy factory.
- */
- public RequestFilteringPolicyFactory()
- {
- // Nothing to do.
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- @Override
- public RequestFilteringPolicy createQOSPolicy(
- RequestFilteringQOSPolicyCfg configuration)
- throws ConfigException, InitializationException
- {
- Policy policy = new Policy();
-
- // Save the configuration.
- policy.updateConfiguration(configuration);
-
- // Register change listener.
- configuration.addRequestFilteringChangeListener(policy);
-
- return policy;
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- @Override
- public boolean isConfigurationAcceptable(
- RequestFilteringQOSPolicyCfg configuration,
- List<LocalizableMessage> unacceptableReasons)
- {
- return validateConfiguration(configuration, unacceptableReasons);
- }
-}
diff --git a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/RequestFilteringPolicyStatistics.java b/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/RequestFilteringPolicyStatistics.java
deleted file mode 100644
index 1f57e6d..0000000
--- a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/RequestFilteringPolicyStatistics.java
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
- * or http://forgerock.org/license/CDDLv1.0.html.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at legal-notices/CDDLv1_0.txt.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information:
- * Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- *
- *
- * Copyright 2009 Sun Microsystems, Inc.
- */
-
-package org.opends.server.core.networkgroups;
-
-
-
-import java.util.concurrent.atomic.AtomicLong;
-
-
-
-/**
- * This class implements the statistics associated with a network group
- * request filtering policy.
- */
-final class RequestFilteringPolicyStatistics
-{
- private final AtomicLong rejectedAttributes = new AtomicLong();
- private final AtomicLong rejectedOperations = new AtomicLong();
- private final AtomicLong rejectedScopes = new AtomicLong();
- private final AtomicLong rejectedSubtrees = new AtomicLong();
-
-
-
- /**
- * Creates a new request filtering policy statistics.
- */
- RequestFilteringPolicyStatistics()
- {
- // Do nothing.
- }
-
-
-
- /**
- * Returns the number of rejected operations due to an attribute not
- * allowed by the request filtering policy.
- *
- * @return The number of rejected operations due to an invalid
- * attribute.
- */
- long getRejectedAttributes()
- {
- return rejectedAttributes.get();
- }
-
-
-
- /**
- * Returns the number of rejected operations due to an operation type
- * not allowed by the request filtering policy.
- *
- * @return The number of rejected operations due to an invalid
- * operation type.
- */
- long getRejectedOperations()
- {
- return rejectedOperations.get();
- }
-
-
-
- /**
- * Returns the number of rejected operations due to a scope not
- * allowed by the request filtering policy.
- *
- * @return The number of rejected operations due to an invalid scope.
- */
- long getRejectedScopes()
- {
- return rejectedScopes.get();
- }
-
-
-
- /**
- * Returns the number of rejected operations due to a subtree not
- * allowed by the request filtering policy.
- *
- * @return The number of rejected operations due to an invalid
- * subtree.
- */
- long getRejectedSubtrees()
- {
- return rejectedSubtrees.get();
- }
-
-
-
- /**
- * Increments the number of rejected operations due to an attribute
- * not allowed by the request filtering policy.
- */
- void updateRejectedAttributes()
- {
- rejectedAttributes.incrementAndGet();
- }
-
-
-
- /**
- * Increments the number of rejected operations due to an operation
- * type not allowed by the request filtering policy.
- */
- void updateRejectedOperations()
- {
- rejectedOperations.incrementAndGet();
- }
-
-
-
- /**
- * Increments the number of rejected operations due to a search scope
- * not allowed by the request filtering policy.
- */
- void updateRejectedScopes()
- {
- rejectedScopes.incrementAndGet();
- }
-
-
-
- /**
- * Increments the number of rejected operations due to a subtree not
- * allowed by the request filtering policy.
- */
- void updateRejectedSubtrees()
- {
- rejectedSubtrees.incrementAndGet();
- }
-}
diff --git a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/ResourceLimitsPolicy.java b/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/ResourceLimitsPolicy.java
index 1d08f08..49af40e 100644
--- a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/ResourceLimitsPolicy.java
+++ b/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/ResourceLimitsPolicy.java
@@ -81,17 +81,6 @@
*/
abstract int getSizeLimit();
-
-
- /**
- * Returns the statistics associated with this resource limits policy.
- *
- * @return The statistics associated with this resource limits policy.
- */
- abstract ResourceLimitsPolicyStatistics getStatistics();
-
-
-
/**
* Returns the maximum length of time in seconds permitted for a
* search operation processed by this network group.
diff --git a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/ResourceLimitsPolicyFactory.java b/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/ResourceLimitsPolicyFactory.java
deleted file mode 100644
index d917aaa..0000000
--- a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/ResourceLimitsPolicyFactory.java
+++ /dev/null
@@ -1,544 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
- * or http://forgerock.org/license/CDDLv1.0.html.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at legal-notices/CDDLv1_0.txt.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information:
- * Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- *
- *
- * Copyright 2009-2010 Sun Microsystems, Inc.
- * Portions Copyright 2014 ForgeRock AS
- */
-package org.opends.server.core.networkgroups;
-
-
-
-import static org.opends.messages.CoreMessages.*;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-
-import org.forgerock.i18n.LocalizableMessage;
-import org.opends.server.admin.server.ConfigurationChangeListener;
-import org.opends.server.admin.std.server.ResourceLimitsQOSPolicyCfg;
-import org.opends.server.api.ClientConnection;
-import org.opends.server.api.QOSPolicyFactory;
-import org.forgerock.opendj.config.server.ConfigException;
-import org.opends.server.core.DirectoryServer;
-import org.forgerock.opendj.ldap.ByteString;
-import org.opends.server.types.ConfigChangeResult;
-import org.opends.server.types.InitializationException;
-import org.opends.server.types.RawFilter;
-import org.forgerock.opendj.ldap.ResultCode;
-import org.opends.server.types.operation.PreParseOperation;
-import org.opends.server.types.operation.PreParseSearchOperation;
-
-
-
-/**
- * This class defines a factory for creating user configurable resource
- * limits policies.
- */
-public final class ResourceLimitsPolicyFactory implements
- QOSPolicyFactory<ResourceLimitsQOSPolicyCfg>
-{
-
- /**
- * Policy implementation.
- */
- private static final class Policy extends ResourceLimitsPolicy
- implements
- ConfigurationChangeListener<ResourceLimitsQOSPolicyCfg>
- {
- /**
- * {@inheritDoc}
- */
- public ConfigChangeResult applyConfigurationChange(
- ResourceLimitsQOSPolicyCfg configuration)
- {
- ResultCode resultCode = ResultCode.SUCCESS;
- boolean adminActionRequired = false;
- ArrayList<LocalizableMessage> messages = new ArrayList<LocalizableMessage>();
-
- // Save the configuration.
- updateConfiguration(configuration);
-
- return new ConfigChangeResult(resultCode, adminActionRequired,
- messages);
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- public boolean isConfigurationChangeAcceptable(
- ResourceLimitsQOSPolicyCfg configuration,
- List<LocalizableMessage> unacceptableReasons)
- {
- return ResourceLimitsPolicyFactory.validateConfiguration(
- configuration, unacceptableReasons);
- }
-
-
-
- // Map containing the connections sorted by incoming IP address.
- private final HashMap<String, Integer> connectionsPerIPMap =
- new HashMap<String, Integer>();
-
- // The maximum number of concurrent operations per connection.
- private int maxConcurrentOpsPerConnection;
-
- // The maximum number of connections in the network group.
- private int maxConnections;
-
- // The maximum number of connections coming from the same IP
- // address.
- private int maxConnectionsFromSameIP;
-
- // The maximum number of operations per connection.
- private int maxOpsPerConnection;
-
- // The minimum substring length in a search.
- private int minSearchSubstringLength;
-
- // The lock for connections per IP map.
- private final Object mutex = new Object();
-
- // The maximum size for a search.
- private int sizeLimit;
-
- // The statistics for the resource limits policy.
- private final ResourceLimitsPolicyStatistics statistics =
- new ResourceLimitsPolicyStatistics();
-
- // The maximum time for a search.
- private int timeLimit;
-
- // The time interval for throughput limits
- private long interval;
- private long intervalStartTime = 0;
-
- // The max number of operations during the interval
- private int maxOperationsPerInterval;
- private int operationsPerInterval = 0;
-
- /**
- * Creates a new resource limits policy.
- */
- private Policy()
- {
- // Nothing to do.
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- @Override
- void addConnection(ClientConnection connection)
- {
- synchronized (mutex)
- {
- // Update the statistics.
- statistics.addClientConnection();
-
- // Increment the number of connections from the given IP
- // address.
- String ip = connection.getClientAddress();
- Integer currentCount = connectionsPerIPMap.get(ip);
- if (currentCount == null)
- {
- connectionsPerIPMap.put(ip, 1);
- }
- else
- {
- connectionsPerIPMap.put(ip, currentCount + 1);
- }
- }
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- @Override
- int getMinSubstring()
- {
- return minSearchSubstringLength;
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- @Override
- int getSizeLimit()
- {
- return sizeLimit;
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- @Override
- ResourceLimitsPolicyStatistics getStatistics()
- {
- return statistics;
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- @Override
- int getTimeLimit()
- {
- return timeLimit;
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- @Override
- boolean isAllowed(ClientConnection connection,
- PreParseOperation operation, boolean fullCheck,
- List<LocalizableMessage> messages)
- {
- boolean result = true;
-
- if (fullCheck)
- {
- // Check the total number of connections in the resource group
- synchronized (mutex)
- {
- if (maxConnections > 0
- && statistics.getClientConnections() > maxConnections)
- {
- messages.add(INFO_ERROR_MAX_CONNECTIONS_LIMIT_EXCEEDED
- .get());
- result = false;
- }
- }
- if (!result)
- {
- return result;
- }
-
- // Check the number of connections coming from the same IP
- synchronized (mutex)
- {
- // Add the connection in the map
- String ip = connection.getClientAddress();
-
- Integer currentCount = connectionsPerIPMap.get(ip);
- if (currentCount == null)
- {
- currentCount = new Integer(0);
- }
-
- if (maxConnectionsFromSameIP > 0
- && currentCount.intValue() > maxConnectionsFromSameIP)
- {
- messages
- .add(INFO_ERROR_MAX_CONNECTIONS_FROM_SAME_IP_LIMIT_EXCEEDED
- .get());
- result = false;
- }
- }
- if (!result)
- {
- return result;
- }
- }
-
- // Check the max number of operations per connection
- if (maxOpsPerConnection > 0
- && connection.getNumberOfOperations() > maxOpsPerConnection)
- {
- messages
- .add(INFO_ERROR_MAX_OPERATIONS_PER_CONNECTION_LIMIT_EXCEEDED
- .get());
- return false;
- }
-
- // Check the max number of concurrent operations per connection
- if (maxConcurrentOpsPerConnection > 0
- && connection.getOperationsInProgress().size()
- > maxConcurrentOpsPerConnection)
- {
- messages.add(
- INFO_ERROR_MAX_CONCURRENT_OPERATIONS_PER_CONNECTION_LIMIT_EXCEEDED
- .get());
- return false;
- }
-
- // If the operation is a search, check the min search substring
- // length
- if (operation != null
- && operation instanceof PreParseSearchOperation)
- {
- if (!checkSubstringFilter(((PreParseSearchOperation) operation)
- .getRawFilter()))
- {
- messages
- .add(INFO_ERROR_MIN_SEARCH_SUBSTRING_LENGTH_LIMIT_EXCEEDED
- .get());
- return false;
- }
- }
-
- // Check the throughput
- if (operation != null && maxOperationsPerInterval > 0) {
- synchronized(mutex) {
- long now = System.currentTimeMillis();
- // if the start time has never been set, or the interval has already
- // expired, reset the start time and number of operations
- if (intervalStartTime == 0 || now > (intervalStartTime + interval)) {
- intervalStartTime = now;
- operationsPerInterval = 0;
- }
-
- operationsPerInterval++;
- if (operationsPerInterval > maxOperationsPerInterval) {
- messages.add(INFO_ERROR_MAX_THROUGHPUT_EXCEEDED.get(
- maxOperationsPerInterval,interval));
- result = false;
- }
- }
- if (!result) {
- return result;
- }
- }
-
- return true;
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- @Override
- void removeConnection(ClientConnection connection)
- {
- synchronized (mutex)
- {
- // Update the statistics.
- statistics.removeClientConnection();
-
- // Decrement the number of connections from the given IP
- // address.
- String ip = connection.getClientAddress();
- Integer currentCount = connectionsPerIPMap.get(ip);
- if (currentCount != null)
- {
- if (currentCount == 1)
- {
- // This was the last connection.
- connectionsPerIPMap.remove(ip);
- }
- else
- {
- connectionsPerIPMap.put(ip, currentCount - 1);
- }
- }
- }
- }
-
-
-
- /**
- * Checks whether a filter enforces minimum substring length. If the
- * filter is a composed filter (AND, OR, NOT filters), each
- * component of the filter is recursively checked. When the filter
- * is a substring filter, this routine checks that the substring
- * length is greater or equal to the minimum substring length. For
- * other search filter types, true is returned.
- *
- * @param filter
- * The LDAP search filter to be tested
- * @return boolean indicating whether the filter conforms to the
- * minimum substring length rule.
- */
- private boolean checkSubstringFilter(RawFilter filter)
- {
- switch (filter.getFilterType())
- {
- case AND:
- case OR:
- ArrayList<RawFilter> filterComponents =
- filter.getFilterComponents();
- if (filterComponents != null)
- {
- for (RawFilter element : filterComponents)
- {
- if (!checkSubstringFilter(element))
- {
- return false;
- }
- }
- }
- return true;
- case NOT:
- return checkSubstringFilter(filter.getNOTComponent());
- case SUBSTRING:
- int length = 0;
- ByteString subInitialElement = filter.getSubInitialElement();
- if (subInitialElement != null)
- {
- length += subInitialElement.length();
- }
- ArrayList<ByteString> subAnyElements =
- filter.getSubAnyElements();
- if (subAnyElements != null)
- {
- for (ByteString element : subAnyElements)
- {
- length += element.length();
- }
- }
- ByteString subFinalElement = filter.getSubFinalElement();
- if (subFinalElement != null)
- {
- length += subFinalElement.length();
- }
- return length >= minSearchSubstringLength;
- default:
- return true;
- }
- }
-
-
-
- // Updates this policy's configuration.
- private void updateConfiguration(
- ResourceLimitsQOSPolicyCfg configuration)
- {
- maxConnections = configuration.getMaxConnections();
- maxConnectionsFromSameIP =
- configuration.getMaxConnectionsFromSameIP();
- maxOpsPerConnection = configuration.getMaxOpsPerConnection();
- maxConcurrentOpsPerConnection =
- configuration.getMaxConcurrentOpsPerConnection();
-
- Integer tmpSizeLimit = configuration.getSizeLimit();
- if (tmpSizeLimit != null)
- {
- sizeLimit = tmpSizeLimit;
- }
- else
- {
- sizeLimit = DirectoryServer.getSizeLimit();
- }
-
- Long tmpTimeLimit = configuration.getTimeLimit();
- if (tmpTimeLimit != null)
- {
- timeLimit = tmpTimeLimit.intValue();
- }
- else
- {
- timeLimit = DirectoryServer.getTimeLimit();
- }
-
- minSearchSubstringLength = configuration.getMinSubstringLength();
-
- // Update the Max Ops Per Time Interval parameters
- long previousInterval = interval;
- int previousMax = maxOperationsPerInterval;
-
- interval = configuration.getMaxOpsInterval();
- maxOperationsPerInterval = configuration.getMaxOpsPerInterval();
- // If the values have been modified, reset the counters
- if ((previousInterval != interval)
- || (previousMax != maxOperationsPerInterval)) {
- intervalStartTime = 0;
- operationsPerInterval = 0;
- }
- }
- }
-
-
-
- // Validates a configuration.
- private static boolean validateConfiguration(
- ResourceLimitsQOSPolicyCfg configuration,
- List<LocalizableMessage> unacceptableReasons)
- {
- // maxOpsPerInterval must be positive
- long tmpMaxOps = configuration.getMaxOpsInterval();
- if (tmpMaxOps < 0) {
- unacceptableReasons.add(ERR_MAX_OPS_PER_INTERVAL.get(tmpMaxOps));
- return false;
- }
-
- return true;
- }
-
-
-
- /**
- * Creates a new resource limits policy factory.
- */
- public ResourceLimitsPolicyFactory()
- {
- // Nothing to do.
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- public ResourceLimitsPolicy createQOSPolicy(
- ResourceLimitsQOSPolicyCfg configuration) throws ConfigException,
- InitializationException
- {
- Policy policy = new Policy();
-
- // Save the configuration.
- policy.updateConfiguration(configuration);
-
- // Register change listener.
- configuration.addResourceLimitsChangeListener(policy);
-
- return policy;
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- public boolean isConfigurationAcceptable(
- ResourceLimitsQOSPolicyCfg configuration,
- List<LocalizableMessage> unacceptableReasons)
- {
- return validateConfiguration(configuration, unacceptableReasons);
- }
-}
diff --git a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/ResourceLimitsPolicyStatistics.java b/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/ResourceLimitsPolicyStatistics.java
deleted file mode 100644
index 40da307..0000000
--- a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/ResourceLimitsPolicyStatistics.java
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
- * or http://forgerock.org/license/CDDLv1.0.html.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at legal-notices/CDDLv1_0.txt.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information:
- * Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- *
- *
- * Copyright 2009 Sun Microsystems, Inc.
- */
-package org.opends.server.core.networkgroups;
-
-
-
-/**
- * This class implements the statistics associated to a network group
- * resource limit.
- */
-final class ResourceLimitsPolicyStatistics
-{
- // Updates to these are protected by a mutex in the resource limits
- // policy.
- private long clientConnections = 0;
- private long maxClientConnections = 0;
- private long totalClientConnections = 0;
-
-
-
- /**
- * Creates a new resource limits statistics.
- */
- ResourceLimitsPolicyStatistics()
- {
- // Do nothing.
- }
-
-
-
- /**
- * Updates these statistics to reflect a new client connection being
- * added.
- */
- void addClientConnection()
- {
- clientConnections++;
- totalClientConnections++;
- if (clientConnections > maxClientConnections)
- {
- maxClientConnections = clientConnections;
- }
- }
-
-
-
- /**
- * Returns the number of client connections currently in the network
- * group.
- *
- * @return The number of client connections currently in the network
- * group.
- */
- long getClientConnections()
- {
- return clientConnections;
- }
-
-
-
- /**
- * Returns the maximum number of simultaneous client connections in
- * the network group.
- *
- * @return The maximum number of simultaneous client connections in
- * the network group.
- */
- long getMaxClientConnections()
- {
- return maxClientConnections;
- }
-
-
-
- /**
- * Returns the total number of client connections managed by the
- * network group since its creation.
- *
- * @return The total number of client connections managed by the
- * network group since its creation.
- */
- long getTotalClientConnections()
- {
- return totalClientConnections;
- }
-
-
-
- /**
- * Updates these statistics to reflect an existing client connection
- * being closed.
- */
- void removeClientConnection()
- {
- clientConnections--;
- }
-}
diff --git a/opendj3-server-dev/src/server/org/opends/server/workflowelement/WorkflowElement.java b/opendj3-server-dev/src/server/org/opends/server/workflowelement/WorkflowElement.java
index e0b9a6e..e9abf18 100644
--- a/opendj3-server-dev/src/server/org/opends/server/workflowelement/WorkflowElement.java
+++ b/opendj3-server-dev/src/server/org/opends/server/workflowelement/WorkflowElement.java
@@ -51,28 +51,17 @@
public abstract class WorkflowElement <T extends WorkflowElementCfg>
implements Observer
{
- // Indicates whether the workflow element encapsulates a private local
- // backend.
- private boolean isPrivate = false;
-
- // An information indicating the type of the current workflow element.
- // This information is for debug and tooling purpose only.
- private String workflowElementTypeInfo = "not defined";
-
-
- // The workflow element identifier.
- private String workflowElementID = null;
-
-
- // The observable state of the workflow element.
+ /** The observable state of the workflow element. */
private ObservableWorkflowElementState observableState =
new ObservableWorkflowElementState(this);
- // The list of observers who want to be notified when a workflow element
- // required by the observer is created. The key of the map is a string
- // that identifies the newly created workflow element.
+ /**
+ * The list of observers who want to be notified when a workflow element
+ * required by the observer is created. The key of the map is a string that
+ * identifies the newly created workflow element.
+ */
private static ConcurrentMap<String, List<Observer>>
newWorkflowElementNotificationList =
new ConcurrentHashMap<String, List<Observer>>();
@@ -85,7 +74,7 @@
*
* @return the observable state of the workflow element
*/
- protected ObservableWorkflowElementState getObservableState()
+ protected final ObservableWorkflowElementState getObservableState()
{
return observableState;
}
@@ -194,92 +183,15 @@
}
}
-
- /**
- * Notifies all the observers who want to be warn when a workflow element
- * is created.
- *
- * @param workflowElement the newly created workflow element
- */
- public static void notifyStateUpdate(
- WorkflowElement<?> workflowElement)
- {
- // Go through the list of observers and notify them all
- String weID = workflowElement.getWorkflowElementID();
-
- List<Observer> observers = newWorkflowElementNotificationList.get(weID);
- if (observers != null)
- {
- for (Observer observer: observers)
- {
- // The update might fail because an observer could have been
- // terminated. In this case, just ignore the failure and remove
- // the observer from the list of objects to notify.
- try
- {
- observer.update(workflowElement.getObservableState(), null);
- }
- catch(Exception e)
- {
- observers.remove(observer);
- }
- }
- }
- }
-
-
- /**
- * Creates a new instance of the workflow element.
- */
- public WorkflowElement()
- {
- // There is nothing to do in the constructor.
- }
-
-
- /**
- * Initializes the instance of the workflow element.
- *
- * @param workflowElementID the workflow element identifier as defined
- * in the configuration.
- * @param workflowElementTypeInfo an information to indicate the type of
- * the current workflow element. For example
- * "Backend" if the current workflow element
- * is a local backend workflow element.
- */
- public void initialize(
- String workflowElementID,
- String workflowElementTypeInfo)
- {
- this.workflowElementID = workflowElementID;
- this.workflowElementTypeInfo = workflowElementTypeInfo;
- }
-
-
- /**
- * {@inheritDoc}
- */
+ /** {@inheritDoc} */
@Override
- public void update(Observable o, Object arg)
+ public final void update(Observable o, Object arg)
{
// By default, do nothing when notification hits the workflow element.
}
/**
- * Get the type of the workflow element. The type is a string information
- * indicating which type is the current workflow element. This information
- * is intended to be used by tools for trace and debug purpose.
- *
- * @return the type of the workflow element.
- */
- public String getWorkflowElementTypeInfo()
- {
- return this.workflowElementTypeInfo;
- }
-
-
- /**
* Indicates whether the provided configuration is acceptable for
* this workflow element.
*
@@ -292,7 +204,7 @@
* @return {@code true} if the provided configuration is acceptable
* for this workflow element, or {@code false} if not.
*/
- public boolean isConfigurationAcceptable(
+ public final boolean isConfigurationAcceptable(
T configuration,
List<String> unacceptableReasons)
{
@@ -308,9 +220,7 @@
* workflow element is unloaded. No action is taken in the default
* implementation.
*/
- public void finalizeWorkflowElement()
- {
- }
+ public abstract void finalizeWorkflowElement();
/**
* Executes the workflow element for an operation.
@@ -331,32 +241,12 @@
* @return <code>true</code> if the workflow element encapsulates a private
* local backend, <code>false</code> otherwise
*/
- public boolean isPrivate()
- {
- return isPrivate;
- }
-
-
- /**
- * Specifies whether the workflow element encapsulates a private local
- * backend.
- *
- * @param isPrivate Indicates whether the workflow element encapsulates a
- * private local backend.
- */
- protected void setPrivate(boolean isPrivate)
- {
- this.isPrivate = isPrivate;
- }
-
+ public abstract boolean isPrivate();
/**
* Provides the workflow element identifier.
*
* @return the workflow element identifier
*/
- public String getWorkflowElementID()
- {
- return workflowElementID;
- }
+ public abstract String getWorkflowElementID();
}
diff --git a/opendj3-server-dev/src/server/org/opends/server/workflowelement/WorkflowElementConfigManager.java b/opendj3-server-dev/src/server/org/opends/server/workflowelement/WorkflowElementConfigManager.java
index 915e956..99d49a5 100644
--- a/opendj3-server-dev/src/server/org/opends/server/workflowelement/WorkflowElementConfigManager.java
+++ b/opendj3-server-dev/src/server/org/opends/server/workflowelement/WorkflowElementConfigManager.java
@@ -189,11 +189,7 @@
{
try
{
- WorkflowElement<?> we = loadAndRegisterWorkflowElement(configuration);
-
- // Notify observers who want to be notify when new workflow elements
- // are created.
- WorkflowElement.notifyStateUpdate(we);
+ loadAndRegisterWorkflowElement(configuration);
}
catch (InitializationException de)
{
@@ -336,11 +332,7 @@
{
try
{
- WorkflowElement<?> we = loadAndRegisterWorkflowElement(configuration);
-
- // Notify observers who want to be notify when new workflow elements
- // are created.
- WorkflowElement.notifyStateUpdate(we);
+ loadAndRegisterWorkflowElement(configuration);
}
catch (InitializationException de)
{
diff --git a/opendj3-server-dev/src/server/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.java b/opendj3-server-dev/src/server/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.java
index c73932c..6822bcf 100644
--- a/opendj3-server-dev/src/server/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.java
+++ b/opendj3-server-dev/src/server/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.java
@@ -63,10 +63,18 @@
{
private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
+ /**
+ * An information indicating the type of the current workflow element. This
+ * information is for debug and tooling purpose only.
+ */
+ private String workflowElementTypeInfo = "not defined";
+
+ /** The workflow element identifier. */
+ private String workflowElementID;
+
/** the backend associated with the local workflow element. */
private Backend<?> backend;
-
/** the set of local backend workflow elements registered with the server. */
private static TreeMap<String, LocalBackendWorkflowElement>
registeredLocalBackends =
@@ -104,16 +112,17 @@
*/
private void initialize(String workflowElementID, Backend<?> backend)
{
- super.initialize(workflowElementID, BACKEND_WORKFLOW_ELEMENT);
-
+ this.workflowElementID = workflowElementID;
+ this.workflowElementTypeInfo = BACKEND_WORKFLOW_ELEMENT;
this.backend = backend;
-
- if (this.backend != null)
- {
- setPrivate(this.backend.isPrivateBackend());
- }
}
+ /** {@inheritDoc} */
+ @Override
+ public boolean isPrivate()
+ {
+ return this.backend != null && this.backend.isPrivateBackend();
+ }
/**
* Initializes a new instance of the local backend workflow element.
@@ -148,7 +157,8 @@
public void finalizeWorkflowElement()
{
// null all fields so that any use of the finalized object will raise a NPE
- super.initialize(null, null);
+ this.workflowElementID = null;
+ this.workflowElementTypeInfo = null;
backend = null;
}
@@ -219,14 +229,9 @@
// Get the new configuration
if (applyChanges)
{
- super.initialize(
- configuration.dn().rdn().getAttributeValue(0).toString(),
- BACKEND_WORKFLOW_ELEMENT);
- backend = newBackend;
- if (backend != null)
- {
- setPrivate(backend.isPrivateBackend());
- }
+ initialize(
+ configuration.dn().rdn().getAttributeValue(0).toString(),
+ newBackend);
}
}
@@ -722,7 +727,16 @@
newAttachment);
}
-
+ /**
+ * Provides the workflow element identifier.
+ *
+ * @return the workflow element identifier
+ */
+ @Override
+ public String getWorkflowElementID()
+ {
+ return workflowElementID;
+ }
/**
* Gets the backend associated with this local backend workflow
@@ -799,7 +813,7 @@
{
return getClass().getSimpleName()
+ " backend=" + backend
- + " workflowElementID=" + getWorkflowElementID()
- + " workflowElementTypeInfo=" + getWorkflowElementTypeInfo();
+ + " workflowElementID=" + this.workflowElementID
+ + " workflowElementTypeInfo=" + this.workflowElementTypeInfo;
}
}
diff --git a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/MockRequestFilteringQOSPolicyCfg.java b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/MockRequestFilteringQOSPolicyCfg.java
deleted file mode 100644
index effab78..0000000
--- a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/MockRequestFilteringQOSPolicyCfg.java
+++ /dev/null
@@ -1,188 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
- * or http://forgerock.org/license/CDDLv1.0.html.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at legal-notices/CDDLv1_0.txt.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information:
- * Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- *
- *
- * Copyright 2009 Sun Microsystems, Inc.
- */
-
-package org.opends.server.core.networkgroups;
-
-
-
-import java.util.Collections;
-import java.util.SortedSet;
-import java.util.TreeSet;
-
-import org.opends.server.admin.server.ConfigurationChangeListener;
-import org.opends.server.admin.std.meta.RequestFilteringQOSPolicyCfgDefn.AllowedOperations;
-import org.opends.server.admin.std.meta.RequestFilteringQOSPolicyCfgDefn.AllowedSearchScopes;
-import org.opends.server.admin.std.server.QOSPolicyCfg;
-import org.opends.server.admin.std.server.RequestFilteringQOSPolicyCfg;
-import org.opends.server.types.DN;
-
-
-
-/**
- * Stub configuration used in tests.
- */
-public abstract class MockRequestFilteringQOSPolicyCfg implements
- RequestFilteringQOSPolicyCfg
-{
-
- /**
- * {@inheritDoc}
- */
- public final void addRequestFilteringChangeListener(
- ConfigurationChangeListener<RequestFilteringQOSPolicyCfg> listener)
- {
- // Stub.
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- public final Class<? extends RequestFilteringQOSPolicyCfg> configurationClass()
- {
- // Stub.
- return null;
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- public final String getJavaClass()
- {
- // Stub.
- return null;
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- public final void removeRequestFilteringChangeListener(
- ConfigurationChangeListener<RequestFilteringQOSPolicyCfg> listener)
- {
- // Stub.
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- public final void addChangeListener(
- ConfigurationChangeListener<QOSPolicyCfg> listener)
- {
- // Stub.
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- public final void removeChangeListener(
- ConfigurationChangeListener<QOSPolicyCfg> listener)
- {
- // Stub.
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- public final DN dn()
- {
- // Stub.
- return null;
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- public SortedSet<String> getAllowedAttributes()
- {
- return Collections.unmodifiableSortedSet(new TreeSet<String>());
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- public SortedSet<AllowedOperations> getAllowedOperations()
- {
- return Collections
- .unmodifiableSortedSet(new TreeSet<AllowedOperations>());
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- public SortedSet<AllowedSearchScopes> getAllowedSearchScopes()
- {
- return Collections
- .unmodifiableSortedSet(new TreeSet<AllowedSearchScopes>());
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- public SortedSet<DN> getAllowedSubtrees()
- {
- return Collections.unmodifiableSortedSet(new TreeSet<DN>());
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- public SortedSet<String> getProhibitedAttributes()
- {
- return Collections.unmodifiableSortedSet(new TreeSet<String>());
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- public SortedSet<DN> getProhibitedSubtrees()
- {
- return Collections.unmodifiableSortedSet(new TreeSet<DN>());
- }
-
-}
diff --git a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/RequestFilteringPolicyTest.java b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/RequestFilteringPolicyTest.java
deleted file mode 100644
index 88fa981..0000000
--- a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/RequestFilteringPolicyTest.java
+++ /dev/null
@@ -1,525 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
- * or http://forgerock.org/license/CDDLv1.0.html.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at legal-notices/CDDLv1_0.txt.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information:
- * Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- *
- *
- * Copyright 2009 Sun Microsystems, Inc.
- * Portions Copyright 2014 ForgeRock AS
- */
-package org.opends.server.core.networkgroups;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.EnumSet;
-import java.util.SortedSet;
-import java.util.TreeSet;
-
-import org.forgerock.i18n.LocalizableMessage;
-import org.forgerock.opendj.ldap.ModificationType;
-import org.forgerock.opendj.ldap.SearchScope;
-import org.opends.server.DirectoryServerTestCase;
-import org.opends.server.TestCaseUtils;
-import org.opends.server.admin.std.meta.RequestFilteringQOSPolicyCfgDefn.AllowedOperations;
-import org.opends.server.admin.std.meta.RequestFilteringQOSPolicyCfgDefn.AllowedSearchScopes;
-import org.opends.server.protocols.internal.InternalClientConnection;
-import org.opends.server.protocols.internal.InternalSearchOperation;
-import org.opends.server.types.Attribute;
-import org.opends.server.types.Attributes;
-import org.opends.server.types.DN;
-import org.opends.server.types.DirectoryException;
-import org.opends.server.types.Entry;
-import org.opends.server.types.Modification;
-import org.opends.server.types.OperationType;
-import org.opends.server.types.operation.PreParseAddOperation;
-import org.opends.server.types.operation.PreParseBindOperation;
-import org.opends.server.types.operation.PreParseCompareOperation;
-import org.opends.server.types.operation.PreParseDeleteOperation;
-import org.opends.server.types.operation.PreParseExtendedOperation;
-import org.opends.server.types.operation.PreParseModifyDNOperation;
-import org.opends.server.types.operation.PreParseModifyOperation;
-import org.opends.server.types.operation.PreParseOperation;
-import org.testng.annotations.BeforeClass;
-import org.testng.annotations.DataProvider;
-import org.testng.annotations.Test;
-
-import static org.forgerock.opendj.ldap.SearchScope.*;
-import static org.opends.server.admin.std.meta.RequestFilteringQOSPolicyCfgDefn.AllowedOperations.*;
-import static org.opends.server.admin.std.meta.RequestFilteringQOSPolicyCfgDefn.AllowedSearchScopes.*;
-import static org.opends.server.protocols.internal.Requests.*;
-import static org.opends.server.util.CollectionUtils.*;
-import static org.opends.server.util.ServerConstants.*;
-import static org.testng.Assert.*;
-
-/**
- * This set of tests test the resource limits.
- */
-@SuppressWarnings("javadoc")
-public class RequestFilteringPolicyTest extends DirectoryServerTestCase {
- //===========================================================================
- // B E F O R E C L A S S
- //===========================================================================
-
- /**
- * Sets up the environment for performing the tests in this suite.
- *
- * @throws Exception if the environment could not be set up.
- */
- @BeforeClass
- public void setUp() throws Exception
- {
- // This test suite depends on having the schema available,
- // so we'll start the server.
- TestCaseUtils.startServer();
- }
-
-
- //===========================================================================
- // D A T A P R O V I D E R
- //===========================================================================
-
- /** Provides information to create an allowedAttribute policy and a filter to test. */
- @DataProvider (name = "AllowedAttributesSet")
- public Object[][] initAllowedAttributesSet()
- {
- TreeSet<String> allowedAttr_uid_cn = newTreeSet("uid", "cn");
- TreeSet<String> allowedAttr_cn = newTreeSet("cn");
- TreeSet<String> allowedAttr_uid = newTreeSet("uid");
-
- return new Object[][] {
- // allowed attributes, attribute to test, success
- {allowedAttr_uid_cn, "uid=*", true},
- {allowedAttr_uid_cn, "cn=*", true},
- {allowedAttr_uid_cn, "(&(uid=user.1)(cn=*))", true},
- {allowedAttr_cn, "cn=*", true},
- {allowedAttr_cn, "uid=*", false},
- {allowedAttr_cn, "(&(uid=user.1)(cn=*))", false},
- {allowedAttr_uid, "cn=*", false},
- {allowedAttr_uid, "uid=*", true},
- {allowedAttr_uid, "(&(uid=user.1)(cn=*))", false}
- };
- }
-
- /** Provides information to create a prohibitedAttribute policy and a filter to test. */
- @DataProvider (name = "ProhibitedAttributesSet")
- public Object[][] initProhibitedAttributesSet()
- {
- TreeSet<String> prohibitedAttr_uid = newTreeSet("uid");
- TreeSet<String> prohibitedAttr_cn = newTreeSet("cn");
-
- return new Object[][] {
- // prohibited attributes, attribute to test, success
- {prohibitedAttr_uid, "uid=*", false},
- {prohibitedAttr_cn, "uid=*", true},
- {prohibitedAttr_cn, "(&(uid=user.1)(cn=*))", false}
- };
- }
-
- /** Provides information to create an allowedSearchScopes policy and a scope to test. */
- @DataProvider (name = "AllowedSearchScopesSet")
- public Object[][] initAllowedSearchScopesSet()
- {
- TreeSet<AllowedSearchScopes> scopes_all = newTreeSet2(BASE, CHILDREN, ONE, SUB);
- TreeSet<AllowedSearchScopes> scope_base = newTreeSet2(BASE);
- TreeSet<AllowedSearchScopes> scope_children = newTreeSet2(CHILDREN);
- TreeSet<AllowedSearchScopes> scope_one = newTreeSet2(ONE);
- TreeSet<AllowedSearchScopes> scope_sub = newTreeSet2(SUB);
-
- return new Object[][] {
- // allowed search scopes, scope to test, success
- {scopes_all, SearchScope.BASE_OBJECT, true},
- {scope_base, SearchScope.BASE_OBJECT, true},
- {scope_base, SearchScope.SINGLE_LEVEL, false},
- {scope_base, SearchScope.SUBORDINATES, false},
- {scope_base, SearchScope.WHOLE_SUBTREE, false},
- {scope_children, SearchScope.BASE_OBJECT, false},
- {scope_children, SearchScope.SINGLE_LEVEL, false},
- {scope_children, SearchScope.SUBORDINATES, true},
- {scope_children, SearchScope.WHOLE_SUBTREE, false},
- {scope_one, SearchScope.BASE_OBJECT, false},
- {scope_one, SearchScope.SINGLE_LEVEL, true},
- {scope_one, SearchScope.SUBORDINATES, false},
- {scope_one, SearchScope.WHOLE_SUBTREE, false},
- {scope_sub, SearchScope.BASE_OBJECT, false},
- {scope_sub, SearchScope.SINGLE_LEVEL, false},
- {scope_sub, SearchScope.SUBORDINATES, false},
- {scope_sub, SearchScope.WHOLE_SUBTREE, true}
- };
- }
-
- /**
- * Provides information to create a allowedSubtree policy and
- * a subtree search to test.
- */
- @DataProvider (name = "AllowedSubtreesSet")
- public Object[][] initAllowedSubtreesSet()
- throws DirectoryException
- {
- TreeSet<DN> subtrees1 = newTreeSet(DN.valueOf("ou=people,dc=example,dc=com"));
- TreeSet<DN> subtrees2 = newTreeSet(DN.valueOf("ou=test,dc=example,dc=com"));
- TreeSet<DN> subtrees3 = newTreeSet(DN.valueOf("dc=example,dc=com"));
- TreeSet<DN> subtrees4 = newTreeSet(
- DN.valueOf("dc=example,dc=com"),
- DN.valueOf("dc=test,dc=com"));
-
- return new Object[][] {
- // allowed subtrees, subtree to test, success
- {subtrees1, "ou=people,dc=example,dc=com", true},
- {subtrees2, "ou=people,dc=example,dc=com", false},
- {subtrees3, "ou=people,dc=example,dc=com", true},
- {subtrees1, "dc=example,dc=com", false},
- {subtrees4, "dc=example,dc=com", true},
- {subtrees4, "ou=people,dc=example,dc=com", true}
- };
- }
-
- /** Provides information to create a prohibitedSubtree policy and
- * a subtree search to test.
- */
- @DataProvider (name = "ProhibitedSubtreesSet")
- public Object[][] initProhibitedSubtreesSet() throws DirectoryException
- {
- TreeSet<DN> subtrees1 = newTreeSet(DN.valueOf("ou=people,dc=example,dc=com"));
- TreeSet<DN> subtrees2 = newTreeSet(DN.valueOf("ou=test,dc=example,dc=com"));
- TreeSet<DN> subtrees3 = newTreeSet(DN.valueOf("dc=example,dc=com"));
- TreeSet<DN> subtrees4 = newTreeSet(
- DN.valueOf("dc=example,dc=com"),
- DN.valueOf("dc=test,dc=com"));
-
- return new Object[][] {
- // prohibited subtrees, subtree to test, success
- {subtrees1, "ou=people,dc=example,dc=com", false},
- {subtrees2, "ou=people,dc=example,dc=com", true},
- {subtrees3, "ou=people,dc=example,dc=com", false},
- {subtrees1, "dc=example,dc=com", true},
- {subtrees4, "ou=people,dc=example,dc=com", false}
- };
- }
-
- /** Provides information to create a complex subtree policy and a
- * subtree search to test.
- */
- @DataProvider (name = "ComplexSubtreesSet")
- public Object[][] initComplexSubtreesSet() throws DirectoryException
- {
- TreeSet<DN> subtrees_empty = newTreeSet();
- TreeSet<DN> subtrees_root = newTreeSet(DN.valueOf("dc=example,dc=com"));
- TreeSet<DN> subtrees_people = newTreeSet(DN.valueOf("ou=people,dc=example,dc=com"));
- TreeSet<DN> subtrees_entry = newTreeSet(DN.valueOf("uid=user.1,ou=people,dc=example,dc=com"));
-
- return new Object[][] {
- // allowed subtree, prohibited subtree, subtree to test, success
- {subtrees_root, subtrees_people, "dc=example,dc=com", true},
- {subtrees_root, subtrees_people, "ou=people,dc=example,dc=com", false},
- {subtrees_root, subtrees_entry, "ou=people,dc=example,dc=com", true},
- {subtrees_empty, subtrees_people, "dc=example,dc=com", true},
- {subtrees_empty, subtrees_people, "ou=people,dc=example,dc=com", false}
- };
- }
-
- /** Provides information to create an allowed operations policy. */
- @DataProvider (name = "AllowedOperationsSet")
- public Object[][] initAllowedOperationsSet()
- {
- TreeSet<AllowedOperations> ops_all = newTreeSet2(
- ADD, BIND, COMPARE, DELETE, EXTENDED, INEQUALITY_SEARCH, MODIFY, RENAME, SEARCH);
- TreeSet<AllowedOperations> ops_search = newTreeSet2(INEQUALITY_SEARCH, SEARCH);
- TreeSet<AllowedOperations> ops_add_del = newTreeSet2(ADD, DELETE);
-
- return new Object[][] {
- // allowed operations, operation to test, success
- {ops_all, OperationType.ABANDON, true},
- {ops_all, OperationType.ADD, true},
- {ops_all, OperationType.BIND, true},
- {ops_all, OperationType.COMPARE, true},
- {ops_all, OperationType.DELETE, true},
- {ops_all, OperationType.EXTENDED, true},
- {ops_all, OperationType.MODIFY, true},
- {ops_all, OperationType.MODIFY_DN, true},
- {ops_all, OperationType.SEARCH, true},
- {ops_all, OperationType.UNBIND, true},
- {ops_search, OperationType.SEARCH, true},
- {ops_search, OperationType.ADD, false},
- {ops_search, OperationType.BIND, false},
- {ops_add_del, OperationType.ADD, true},
- {ops_add_del, OperationType.DELETE, true},
- {ops_add_del, OperationType.EXTENDED, false}
- };
- }
-
- //===========================================================================
- // T E S T C A S E S
- //===========================================================================
-
- private <T extends java.lang.Enum<T>> TreeSet<T> newTreeSet2(T op1, T... ops)
- {
- return new TreeSet<T>(EnumSet.of(op1, ops));
- }
-
- /** Tests the "allowed attributes" policy. */
- @Test (dataProvider = "AllowedAttributesSet", groups = "virtual")
- public void testAllowedAttributes(
- final SortedSet<String> allowedAttributes,
- String searchFilter,
- boolean success)
- throws Exception
- {
- ArrayList<LocalizableMessage> messages = new ArrayList<LocalizableMessage>();
-
- RequestFilteringPolicyFactory factory = new RequestFilteringPolicyFactory();
- RequestFilteringPolicy policy = factory.createQOSPolicy(new MockRequestFilteringQOSPolicyCfg() {
-
- @Override
- public SortedSet<String> getAllowedAttributes()
- {
- return Collections.unmodifiableSortedSet(allowedAttributes);
- }
-
- });
-
- InternalClientConnection conn = new InternalClientConnection(DN.rootDN());
- InternalSearchOperation search =
- conn.processSearch(newSearchRequest("dc=example,dc=com", BASE_OBJECT, searchFilter));
- assertEquals(policy.isAllowed(search, messages), success);
- }
-
- /** Tests the "prohibited operations" policy. */
- @Test (dataProvider = "ProhibitedAttributesSet", groups = "virtual")
- public void testProhibitedAttributes(
- final SortedSet<String> prohibitedAttributes,
- String searchFilter,
- boolean success)
- throws Exception
- {
- ArrayList<LocalizableMessage> messages = new ArrayList<LocalizableMessage>();
-
- RequestFilteringPolicyFactory factory = new RequestFilteringPolicyFactory();
- RequestFilteringPolicy policy = factory.createQOSPolicy(new MockRequestFilteringQOSPolicyCfg() {
-
- @Override
- public SortedSet<String> getProhibitedAttributes()
- {
- return Collections.unmodifiableSortedSet(prohibitedAttributes);
- }
-
- });
-
- InternalClientConnection conn = new InternalClientConnection(DN.rootDN());
- InternalSearchOperation search =
- conn.processSearch(newSearchRequest("dc=example,dc=com", BASE_OBJECT, searchFilter));
- assertEquals(policy.isAllowed(search, messages), success);
- }
-
- /**
- * Tests the "allowed search scopes" policy.
- */
- @Test (dataProvider = "AllowedSearchScopesSet", groups = "virtual")
- public void testAllowedSearchScopes(
- final SortedSet<AllowedSearchScopes> allowedScopes,
- SearchScope searchScope,
- boolean success)
- throws Exception
- {
- ArrayList<LocalizableMessage> messages = new ArrayList<LocalizableMessage>();
-
- RequestFilteringPolicyFactory factory = new RequestFilteringPolicyFactory();
- RequestFilteringPolicy policy = factory.createQOSPolicy(new MockRequestFilteringQOSPolicyCfg() {
-
- @Override
- public SortedSet<AllowedSearchScopes> getAllowedSearchScopes()
- {
- return Collections.unmodifiableSortedSet(allowedScopes);
- }
-
- });
-
- InternalClientConnection conn = new InternalClientConnection(DN.rootDN());
- InternalSearchOperation search = conn.processSearch(newSearchRequest(DN.valueOf("dc=example,dc=com"), searchScope));
- assertEquals(policy.isAllowed(search, messages), success);
- }
-
- /**
- * Tests the "allowed subtrees" policy.
- */
- @Test (dataProvider = "AllowedSubtreesSet", groups = "virtual")
- public void testAllowedSubtrees(
- final SortedSet<DN> allowedSubtrees,
- String searchSubtree,
- boolean success)
- throws Exception
- {
- ArrayList<LocalizableMessage> messages = new ArrayList<LocalizableMessage>();
-
- RequestFilteringPolicyFactory factory = new RequestFilteringPolicyFactory();
- RequestFilteringPolicy policy = factory.createQOSPolicy(new MockRequestFilteringQOSPolicyCfg() {
-
- @Override
- public SortedSet<DN> getAllowedSubtrees()
- {
- return Collections.unmodifiableSortedSet(allowedSubtrees);
- }
-
- });
-
- InternalClientConnection conn = new InternalClientConnection(DN.rootDN());
- InternalSearchOperation search = conn.processSearch(newSearchRequest(DN.valueOf(searchSubtree), WHOLE_SUBTREE));
- assertEquals(policy.isAllowed(search, messages), success);
- }
-
- /**
- * Tests the "prohibited subtrees" policy.
- */
- @Test (dataProvider = "ProhibitedSubtreesSet", groups = "virtual")
- public void testProhibitedSubtrees(
- final SortedSet<DN> prohibitedSubtrees,
- String searchSubtree,
- boolean success)
- throws Exception
- {
- ArrayList<LocalizableMessage> messages = new ArrayList<LocalizableMessage>();
-
- RequestFilteringPolicyFactory factory = new RequestFilteringPolicyFactory();
- RequestFilteringPolicy policy = factory.createQOSPolicy(new MockRequestFilteringQOSPolicyCfg() {
-
- @Override
- public SortedSet<DN> getProhibitedSubtrees()
- {
- return Collections.unmodifiableSortedSet(prohibitedSubtrees);
- }
-
- });
-
- InternalClientConnection conn = new InternalClientConnection(DN.rootDN());
- InternalSearchOperation search = conn.processSearch(newSearchRequest(DN.valueOf(searchSubtree), WHOLE_SUBTREE));
- assertEquals(policy.isAllowed(search, messages), success);
- }
-
- /**
- * Tests the subtrees policy.
- */
- @Test (dataProvider = "ComplexSubtreesSet", groups = "virtual")
- public void testComplexSubtrees(
- final SortedSet<DN> allowedSubtrees,
- final SortedSet<DN> prohibitedSubtrees,
- String searchSubtree,
- boolean success)
- throws Exception
- {
- ArrayList<LocalizableMessage> messages = new ArrayList<LocalizableMessage>();
-
- RequestFilteringPolicyFactory factory = new RequestFilteringPolicyFactory();
- RequestFilteringPolicy policy = factory.createQOSPolicy(new MockRequestFilteringQOSPolicyCfg() {
-
- @Override
- public SortedSet<DN> getAllowedSubtrees()
- {
- return Collections.unmodifiableSortedSet(allowedSubtrees);
- }
-
- @Override
- public SortedSet<DN> getProhibitedSubtrees()
- {
- return Collections.unmodifiableSortedSet(prohibitedSubtrees);
- }
-
- });
-
- InternalClientConnection conn = new InternalClientConnection(DN.rootDN());
- InternalSearchOperation search = conn.processSearch(newSearchRequest(DN.valueOf(searchSubtree), WHOLE_SUBTREE));
- assertEquals(policy.isAllowed(search, messages), success);
- }
-
-
- /**
- * Tests the allowed operations policy.
- */
- @Test (dataProvider = "AllowedOperationsSet", groups = "virtual")
- public void testAllowedOperations(
- final SortedSet<AllowedOperations> allowedOps,
- OperationType type,
- boolean success)
- throws Exception
- {
- ArrayList<LocalizableMessage> messages = new ArrayList<LocalizableMessage>();
-
- RequestFilteringPolicyFactory factory = new RequestFilteringPolicyFactory();
- RequestFilteringPolicy policy = factory.createQOSPolicy(new MockRequestFilteringQOSPolicyCfg() {
-
- @Override
- public SortedSet<AllowedOperations> getAllowedOperations()
- {
- return Collections.unmodifiableSortedSet(allowedOps);
- }
-
- });
-
- InternalClientConnection conn = new InternalClientConnection(DN.rootDN());
- PreParseOperation op = null;
-
- switch (type) {
- case ABANDON:
- return;
- case ADD:
- Entry e = TestCaseUtils.makeEntry(
- "dn: ou=People,o=ldif",
- "objectClass: top",
- "objectClass: organizationalUnit",
- "ou: People");
-
- op = (PreParseAddOperation) conn.processAdd(e);
- break;
- case BIND:
- op = (PreParseBindOperation) conn.processSimpleBind(
- "cn=Directory Manager", "password");
- break;
- case COMPARE:
- op = (PreParseCompareOperation) conn.processCompare(
- "uid=user.1,ou=People,o=ldif", "uid", "user.1");
- break;
- case DELETE:
- op = (PreParseDeleteOperation) conn.processDelete(
- "uid=user.1,ou=people,dc=example,dc=com");
- break;
- case EXTENDED:
- op = (PreParseExtendedOperation) conn.processExtendedOperation(
- OID_WHO_AM_I_REQUEST, null);
- break;
- case MODIFY:
- ArrayList<Modification> mods = new ArrayList<Modification>();
- Attribute attributeToModify = Attributes.create("attr", "newVal");
- mods.add(new Modification(ModificationType.ADD, attributeToModify));
- op = (PreParseModifyOperation) conn.processModify(
- DN.valueOf("uid=user.1,ou=people,dc=example,dc=com"), mods);
- break;
- case MODIFY_DN:
- op = (PreParseModifyDNOperation) conn.processModifyDN(
- "uid=user.1,ou=people,dc=example,dc=com",
- "uid=usr.1,ou=people,dc=example,dc=com", true);
- break;
- case SEARCH:
- op = conn.processSearch(newSearchRequest("dc=example,dc=com", WHOLE_SUBTREE, "uid>=user.1"));
- break;
- case UNBIND:
- return;
- }
-
- assertEquals(policy.isAllowed(op, messages), success);
- }
-}
diff --git a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/ResourceLimitsPolicyTest.java b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/ResourceLimitsPolicyTest.java
deleted file mode 100644
index 0862c93..0000000
--- a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/ResourceLimitsPolicyTest.java
+++ /dev/null
@@ -1,249 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
- * or http://forgerock.org/license/CDDLv1.0.html.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at legal-notices/CDDLv1_0.txt.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information:
- * Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- *
- *
- * Copyright 2006-2010 Sun Microsystems, Inc.
- * Portions Copyright 2013-2014 ForgeRock AS
- */
-package org.opends.server.core.networkgroups;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.forgerock.i18n.LocalizableMessage;
-import org.forgerock.opendj.ldap.SearchScope;
-import org.opends.server.DirectoryServerTestCase;
-import org.opends.server.TestCaseUtils;
-import org.opends.server.admin.std.server.ResourceLimitsQOSPolicyCfg;
-import org.opends.server.api.ClientConnection;
-import org.opends.server.protocols.internal.InternalClientConnection;
-import org.opends.server.protocols.internal.InternalSearchOperation;
-import org.opends.server.protocols.internal.SearchRequest;
-import org.opends.server.types.DN;
-import org.testng.annotations.BeforeClass;
-import org.testng.annotations.DataProvider;
-import org.testng.annotations.Test;
-
-import static org.mockito.Mockito.*;
-import static org.opends.server.protocols.internal.Requests.*;
-import static org.testng.Assert.*;
-
-/**
- * This set of tests test the resource limits.
- */
-@SuppressWarnings("javadoc")
-public class ResourceLimitsPolicyTest extends DirectoryServerTestCase {
- //===========================================================================
- //
- // B E F O R E C L A S S
- //
- //===========================================================================
-
- /**
- * Sets up the environment for performing the tests in this suite.
- *
- * @throws Exception if the environment could not be set up.
- */
- @BeforeClass
- public void setUp() throws Exception
- {
- // This test suite depends on having the schema available,
- // so we'll start the server.
- TestCaseUtils.startServer();
- }
-
-
- //===========================================================================
- //
- // D A T A P R O V I D E R
- //
- //===========================================================================
- /**
- * Provides information to create a search filter. First parameter is
- * the min substring length, 2nd param the search filter, and last param
- * the expected return value (true=check success, false = check failure).
- */
- @DataProvider (name = "SearchFilterSet")
- public Object[][] initSearchFilterSet()
- {
- return new Object[][] {
- // Presence filter
- { 5, "(cn=*)", true},
- // Substring filter
- { 5, "(cn=Dir*)", false },
- { 5, "(cn=Direc*)", true },
- { 5, "(cn=D*re*)", false },
- { 5, "(cn=D*re*t*y)", true },
- // NOT filter
- { 5, "(!(cn=Dir*))", false },
- { 5, "(!(cn=*ctory))", true},
- // AND filter
- { 5, "(&(objectclass=*)(cn=Dir*))", false },
- { 5, "(&(objectclass=*)(cn=Direc*))", true },
- // OR filter
- { 5, "(|(objectclass=*)(cn=Dir*))", false },
- { 5, "(|(objectclass=*)(cn=Direc*))", true }
- };
- }
-
-
- //===========================================================================
- //
- // T E S T C A S E S
- //
- //===========================================================================
-
- /**
- * Tests the max number of connections resource limit.
- */
- @Test (groups = "virtual")
- public void testMaxNumberOfConnections() throws Exception
- {
- final ResourceLimitsQOSPolicyCfg cfg = mock(ResourceLimitsQOSPolicyCfg.class);
- when(cfg.getMaxConnections()).thenReturn(1);
- final ResourceLimitsPolicy limits = createQOSPolicy(cfg);
-
- InternalClientConnection conn1 = new InternalClientConnection(DN.NULL_DN);
- limits.addConnection(conn1);
-
- assertOperationIsAllowed(limits, conn1, null, true);
-
- InternalClientConnection conn2 = new InternalClientConnection(DN.NULL_DN);
- limits.addConnection(conn2);
- assertOperationIsAllowed(limits, conn2, null, false);
-
- limits.removeConnection(conn1);
- assertOperationIsAllowed(limits, conn2, null, true);
-
- limits.removeConnection(conn2);
- }
-
- /**
- * Tests the max number of connections from same IP resource limit.
- */
- @Test (groups = "virtual")
- public void testMaxNumberOfConnectionsFromSameIp() throws Exception
- {
- final ResourceLimitsQOSPolicyCfg cfg = mock(ResourceLimitsQOSPolicyCfg.class);
- when(cfg.getMaxConnectionsFromSameIP()).thenReturn(1);
- final ResourceLimitsPolicy limits = createQOSPolicy(cfg);
-
- InternalClientConnection conn1 = new InternalClientConnection(DN.NULL_DN);
- limits.addConnection(conn1);
-
- assertOperationIsAllowed(limits, conn1, null, true);
-
- InternalClientConnection conn2 = new InternalClientConnection(DN.NULL_DN);
- limits.addConnection(conn2);
- assertOperationIsAllowed(limits, conn2, null, false);
-
- limits.removeConnection(conn1);
- assertOperationIsAllowed(limits, conn2, null, true);
-
- limits.removeConnection(conn2);
- }
-
- /**
- * Tests the min substring length.
- * @param minLength minimum search filter substring length
- * @param searchFilter the search filter to test
- * @param success boolean indicating the expected result
- */
- @Test (dataProvider = "SearchFilterSet", groups = "virtual")
- public void testMinSubstringLength(
- final int minLength,
- String searchFilter,
- boolean success)
- throws Exception
- {
- final ResourceLimitsQOSPolicyCfg cfg = mock(ResourceLimitsQOSPolicyCfg.class);
- when(cfg.getMinSubstringLength()).thenReturn(minLength);
- final ResourceLimitsPolicy limits = createQOSPolicy(cfg);
-
- InternalClientConnection conn1 = new InternalClientConnection(DN.NULL_DN);
- limits.addConnection(conn1);
-
- final SearchRequest request = newSearchRequest("dc=example,dc=com", SearchScope.BASE_OBJECT, searchFilter);
- InternalSearchOperation search = conn1.processSearch(request);
-
- assertOperationIsAllowed(limits, conn1, search, success);
- limits.removeConnection(conn1);
- }
-
- /**
- * Tests the 'max number of operations per interval' resource limit.
- */
- @Test (groups = "virtual")
- public void testMaxThroughput() throws Exception
- {
- final long interval = 1000; // Unit is milliseconds
-
- final ResourceLimitsQOSPolicyCfg cfg = mock(ResourceLimitsQOSPolicyCfg.class);
- when(cfg.getMaxOpsPerInterval()).thenReturn(1);
- when(cfg.getMaxOpsInterval()).thenReturn(interval);
- final ResourceLimitsPolicy limits = createQOSPolicy(cfg);
-
- InternalClientConnection conn = new InternalClientConnection(DN.NULL_DN);
- limits.addConnection(conn);
-
- final SearchRequest request = newSearchRequest(DN.valueOf("dc=example,dc=com"), SearchScope.BASE_OBJECT);
- final InternalSearchOperation search1 = conn.processSearch(request);
- assertOperationIsAllowed(limits, conn, search1, true,
- "First operation should be allowed");
-
- final InternalSearchOperation search2 = conn.processSearch(request);
- assertOperationIsAllowed(limits, conn, search2, false,
- "Second operation in the same interval should be disallowed");
-
- // Wait for the end of the interval => counters are reset
- Thread.sleep(interval);
-
- final InternalSearchOperation search3 = conn.processSearch(request);
- assertOperationIsAllowed(limits, conn, search3, true,
- "Third operation should be allowed");
- }
-
- private void assertOperationIsAllowed(ResourceLimitsPolicy limits,
- ClientConnection conn, InternalSearchOperation operation, boolean expected)
- {
- assertOperationIsAllowed(limits, conn, operation, expected, null);
- }
-
- private void assertOperationIsAllowed(ResourceLimitsPolicy limits,
- ClientConnection conn, InternalSearchOperation operation,
- boolean expected, String assertMsg)
- {
- final String msg = assertMsg != null ? assertMsg :
- "Operation should be " + (expected ? "" : "dis") + "allowed";
-
- final List<LocalizableMessage> messages =
- new ArrayList<LocalizableMessage>();
- final boolean actual = limits.isAllowed(conn, operation, true, messages);
- assertEquals(actual, expected, msg + ". Messages=" + messages);
- }
-
- private ResourceLimitsPolicy createQOSPolicy(ResourceLimitsQOSPolicyCfg cfg) throws Exception
- {
- return new ResourceLimitsPolicyFactory().createQOSPolicy(cfg);
- }
-
-}
--
Gitblit v1.10.0