From 9c408f03f5b7a5c31abdd0a883140be9a4cb3cc3 Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Thu, 13 Sep 2007 20:00:57 +0000
Subject: [PATCH] These changes allow dsconfig to decode the ACI string, similar to what is done for the DN syntax attributes. A new <adm:aci /> syntax has been created, which the DSEE compat configuration handler now uses.
---
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DseeCompatAccessControlHandlerConfiguration.xml | 2
opendj-sdk/opends/src/server/org/opends/server/admin/PropertyDefinitionUsageBuilder.java | 9 +
opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciList.java | 13 ++
opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/Aci.java | 2
opendj-sdk/opends/resource/admin/property-types.xsl | 1
opendj-sdk/opends/resource/admin/admin.xsd | 8 +
opendj-sdk/opends/src/server/org/opends/server/admin/PropertyValueVisitor.java | 19 +++
opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java | 22 ---
opendj-sdk/opends/resource/admin/property-types/aci.xsl | 41 ++++++++
opendj-sdk/opends/src/server/org/opends/server/admin/ACIPropertyDefinition.java | 151 ++++++++++++++++++++++++++++++
opendj-sdk/opends/src/server/org/opends/server/admin/PropertyDefinitionVisitor.java | 13 ++
11 files changed, 259 insertions(+), 22 deletions(-)
diff --git a/opendj-sdk/opends/resource/admin/admin.xsd b/opendj-sdk/opends/resource/admin/admin.xsd
index 6dbbb93..7be0679 100644
--- a/opendj-sdk/opends/resource/admin/admin.xsd
+++ b/opendj-sdk/opends/resource/admin/admin.xsd
@@ -1144,6 +1144,14 @@
</xsd:annotation>
<xsd:complexType />
</xsd:element>
+ <xsd:element name="aci">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used for properties which contain dseecompat ACIs.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType />
+ </xsd:element>
<xsd:element name="java-class">
<xsd:annotation>
<xsd:documentation>
diff --git a/opendj-sdk/opends/resource/admin/property-types.xsl b/opendj-sdk/opends/resource/admin/property-types.xsl
index 56086c4..58c5179 100644
--- a/opendj-sdk/opends/resource/admin/property-types.xsl
+++ b/opendj-sdk/opends/resource/admin/property-types.xsl
@@ -49,6 +49,7 @@
<xsl:include href="property-types/ip-address-mask.xsl" />
<xsl:include href="property-types/ip-address.xsl" />
<xsl:include href="property-types/java-class.xsl" />
+ <xsl:include href="property-types/aci.xsl" />
<xsl:include href="property-types/oid.xsl" />
<xsl:include href="property-types/password.xsl" />
<xsl:include href="property-types/size.xsl" />
diff --git a/opendj-sdk/opends/resource/admin/property-types/aci.xsl b/opendj-sdk/opends/resource/admin/property-types/aci.xsl
new file mode 100644
index 0000000..2c0af09
--- /dev/null
+++ b/opendj-sdk/opends/resource/admin/property-types/aci.xsl
@@ -0,0 +1,41 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <!--
+ Templates for processing dseecompat ACI.
+ -->
+ <xsl:template match="adm:aci" mode="java-value-imports">
+ <import>org.opends.server.authorization.dseecompat.Aci</import>
+ </xsl:template>
+ <xsl:template match="adm:aci" mode="java-value-type">
+ <xsl:value-of select="'Aci'" />
+ </xsl:template>
+ <xsl:template match="adm:aci" mode="java-definition-type">
+ <xsl:value-of select="'ACIPropertyDefinition'" />
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DseeCompatAccessControlHandlerConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DseeCompatAccessControlHandlerConfiguration.xml
index 359fca2..90b2ba5 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DseeCompatAccessControlHandlerConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DseeCompatAccessControlHandlerConfiguration.xml
@@ -75,7 +75,7 @@
</adm:alias>
</adm:default-behavior>
<adm:syntax>
- <adm:string />
+ <adm:aci />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
diff --git a/opendj-sdk/opends/src/server/org/opends/server/admin/ACIPropertyDefinition.java b/opendj-sdk/opends/src/server/org/opends/server/admin/ACIPropertyDefinition.java
new file mode 100644
index 0000000..c88cdda
--- /dev/null
+++ b/opendj-sdk/opends/src/server/org/opends/server/admin/ACIPropertyDefinition.java
@@ -0,0 +1,151 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License"). You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at
+ * trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at
+ * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ * add the following below this CDDL HEADER, with the fields enclosed
+ * by brackets "[]" replaced with your own identifying information:
+ * Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ *
+ *
+ * Portions Copyright 2007 Sun Microsystems, Inc.
+ */
+
+package org.opends.server.admin;
+
+import org.opends.server.authorization.dseecompat.Aci;
+import org.opends.server.authorization.dseecompat.AciException;
+import org.opends.server.types.DN;
+import static org.opends.server.util.Validator.ensureNotNull;
+import org.opends.server.protocols.asn1.ASN1OctetString;
+
+import java.util.EnumSet;
+
+/**
+ * ACI property definition.
+ */
+public class ACIPropertyDefinition extends PropertyDefinition<Aci> {
+
+
+ /**
+ * An interface for incrementally constructing ACI property
+ * definitions.
+ */
+ public static class Builder extends
+ AbstractBuilder<Aci, ACIPropertyDefinition> {
+
+ // Private constructor
+ private Builder(
+ AbstractManagedObjectDefinition<?, ?> d, String propertyName) {
+ super(d, propertyName);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ protected ACIPropertyDefinition buildInstance(
+ AbstractManagedObjectDefinition<?, ?> d,
+ String propertyName, EnumSet<PropertyOption> options,
+ AdministratorAction adminAction,
+ DefaultBehaviorProvider<Aci> defaultBehavior) {
+ return new ACIPropertyDefinition(d, propertyName, options,
+ adminAction, defaultBehavior);
+ }
+ }
+
+
+ /**
+ * Create a ACI property definition builder.
+ *
+ * @param d
+ * The managed object definition associated with this
+ * property definition.
+ * @param propertyName
+ * The property name.
+ * @return Returns the new ACI property definition builder.
+ */
+ public static Builder createBuilder(
+ AbstractManagedObjectDefinition<?, ?> d, String propertyName) {
+ return new Builder(d, propertyName);
+ }
+
+
+ // Private constructor.
+ private ACIPropertyDefinition(
+ AbstractManagedObjectDefinition<?, ?> d, String propertyName,
+ EnumSet<PropertyOption> options,
+ AdministratorAction adminAction,
+ DefaultBehaviorProvider<Aci> defaultBehavior) {
+ super(d, Aci.class, propertyName, options, adminAction,
+ defaultBehavior);
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void validateValue(Aci value)
+ throws IllegalPropertyValueException {
+ ensureNotNull(value);
+
+ // No additional validation required.
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Aci decodeValue(String value)
+ throws IllegalPropertyValueStringException {
+ ensureNotNull(value);
+
+ try {
+ return Aci.decode(new ASN1OctetString(value), DN.NULL_DN);
+ } catch (AciException e) {
+ // TODO: it would be nice to throw the cause.
+ throw new IllegalPropertyValueStringException(this, value);
+ }
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public <R, P> R accept(PropertyDefinitionVisitor<R, P> v, P p) {
+ return v.visitACI(this, p);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public <R, P> R accept(PropertyValueVisitor<R, P> v, Aci value, P p) {
+ return v.visitACI(this, value, p);
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public int compare(Aci o1, Aci o2) {
+ return o1.toString().compareTo(o2.toString());
+ }
+}
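Review bot: The catch block in `decodeValue` discards the `AciException`, so an administrator whose ACI is rejected sees only a generic illegal-value error and not the parser's reason, which makes mistakes in access-control rules harder to find and correct. The TODO already acknowledges this; until `IllegalPropertyValueStringException` accepts a cause, it can be attached explicitly with `IllegalPropertyValueStringException ipe = new IllegalPropertyValueStringException(this, value); ipe.initCause(e); throw ipe;`, assuming its constructor does not already initialise the cause. Separately, `compare` dereferences `o1` and `o2` without the `ensureNotNull` check the other methods use. It also orders ACIs by `toString()`, so two ACIs whose text differs only in formatting are presumably kept as distinct values in the sorted set; a short comment on `compare` should say whether that is intended.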
diff --git a/opendj-sdk/opends/src/server/org/opends/server/admin/PropertyDefinitionUsageBuilder.java b/opendj-sdk/opends/src/server/org/opends/server/admin/PropertyDefinitionUsageBuilder.java
index e1292bf..99c6810 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/admin/PropertyDefinitionUsageBuilder.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/admin/PropertyDefinitionUsageBuilder.java
@@ -88,7 +88,14 @@
return Message.raw("OID");
}
-
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public Message visitACI(ACIPropertyDefinition d,
+ Void p) {
+ return Message.raw("ACI");
+ }
/**
* {@inheritDoc}
diff --git a/opendj-sdk/opends/src/server/org/opends/server/admin/PropertyDefinitionVisitor.java b/opendj-sdk/opends/src/server/org/opends/server/admin/PropertyDefinitionVisitor.java
index 34cdd89..7109a40 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/admin/PropertyDefinitionVisitor.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/admin/PropertyDefinitionVisitor.java
@@ -223,6 +223,19 @@
}
+ /**
+ * Visit a dseecompat Global ACI property definition.
+ *
+ * @param d
+ * The Global ACI property definition to visit.
+ * @param p
+ * A visitor specified parameter.
+ * @return Returns a visitor specified result.
+ */
+ public R visitACI(ACIPropertyDefinition d, P p) {
+ return visitUnknown(d, p);
+ }
+
/**
* Visit a size property definition.
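Review bot: The Javadoc on `visitACI` describes a "Global ACI property definition", but `ACIPropertyDefinition` is the general ACI syntax and nothing in its declaration ties it to global ACIs. The matching method added to `PropertyValueVisitor` already says "dseecompat ACI", so the two should agree. I would change the summary to `Visit a dseecompat ACI property definition.` and the `@param d` text to `The ACI property definition to visit.`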
diff --git a/opendj-sdk/opends/src/server/org/opends/server/admin/PropertyValueVisitor.java b/opendj-sdk/opends/src/server/org/opends/server/admin/PropertyValueVisitor.java
index 27d5584..585884a 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/admin/PropertyValueVisitor.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/admin/PropertyValueVisitor.java
@@ -34,7 +34,7 @@
import org.opends.server.types.AddressMask;
import org.opends.server.types.AttributeType;
import org.opends.server.types.DN;
-
+import org.opends.server.authorization.dseecompat.Aci;
/**
@@ -255,6 +255,23 @@
}
+ /**
+ * Visit a dseecompat ACI.
+ *
+ * @param d
+ * The dseecompat ACI property definition.
+ * @param v
+ * The property value to visit.
+ * @param p
+ * A visitor specified parameter.
+ * @return Returns a visitor specified result.
+ */
+ public R visitACI(ACIPropertyDefinition d, Aci v,
+ P p) {
+ return visitUnknown(d, v, p);
+ }
+
+
/**
* Visit a size.
diff --git a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/Aci.java b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/Aci.java
index 2970731..3f42e87 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/Aci.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/Aci.java
@@ -387,7 +387,7 @@
* @return A string representation of the ACI.
*/
public String toString() {
- return aciString;
+ return new String(aciString);
}
/**
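Review bot: `new String(aciString)` in `toString()` allocates a copy on every call without adding any protection, because `String` is immutable and a caller cannot change the field through the returned reference. `ACIPropertyDefinition.compare`, added in this same commit, calls `toString()` twice per comparison, so every sorted set of ACIs pays for the copies repeatedly. Unless a distinct object identity is needed somewhere not shown in this hunk, `return aciString;` is sufficient; if it is needed, a comment should say why.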
diff --git a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
index 6d76f6f..b7fa1c6 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
@@ -231,26 +231,12 @@
private void processGlobalAcis(
DseeCompatAccessControlHandlerCfg configuration)
throws InitializationException {
- LinkedList<Message>failedACIMsgs=new LinkedList<Message>();
- SortedSet<String> globalAci = configuration.getGlobalACI();
+ SortedSet<Aci> globalAcis = configuration.getGlobalACI();
try {
- if (globalAci != null) {
- LinkedHashSet<AttributeValue> attVals =
- new LinkedHashSet<AttributeValue>(globalAci.size());
- for (String aci : globalAci)
- {
- attVals.add(new AttributeValue(globalAciType,aci));
- }
- Attribute attr = new Attribute(globalAciType,
- globalAciType.toString(),
- attVals);
- Entry e = new Entry(configuration.dn(), null, null, null);
- e.addAttribute(attr, new ArrayList<AttributeValue>());
- int aciCount = aciList.addAci(e, false, true, failedACIMsgs);
- if(!failedACIMsgs.isEmpty())
- aciListenerMgr.logMsgsSetLockDownMode(failedACIMsgs);
+ if (globalAcis != null) {
+ aciList.addAci(DN.nullDN(),globalAcis);
Message message = INFO_ACI_ADD_LIST_GLOBAL_ACIS.get(
- Integer.toString(aciCount));
+ Integer.toString(globalAcis.size()));
logError(message);
} else {
Message message = INFO_ACI_ADD_LIST_NO_GLOBAL_ACIS.get();
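Review bot: The removed branch put the server into lockdown mode through `aciListenerMgr.logMsgsSetLockDownMode(failedACIMsgs)` when a global ACI failed to decode, and nothing on the new side replaces that fail-closed behaviour. Decoding now happens in `ACIPropertyDefinition.decodeValue` before `processGlobalAcis` runs, so the fate of a malformed global ACI in the stored configuration depends on how the configuration framework handles the resulting `IllegalPropertyValueStringException`, which is not visible here. Please confirm that such a value aborts initialization or still triggers lockdown rather than letting the server start with a reduced ACI set, and add a comment above `aciList.addAci(DN.nullDN(),globalAcis);` stating which of the two applies. The call also uses `DN.nullDN()` where `decodeValue` uses `DN.NULL_DN`; using one form in both places would make it obvious that the ACIs are decoded against and stored under the same DN. The method body continues past the end of this hunk.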
diff --git a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciList.java b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciList.java
index 11caf90..f6b1e0d 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciList.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciList.java
@@ -159,6 +159,19 @@
}
/**
+ * Add a set of ACIs to the ACI list. This is usually used a startup, when
+ * global ACIs are processed.
+ *
+ * @param dn The DN to add the ACIs under.
+ *
+ * @param acis A set of ACIs to add to the ACI list.
+ *
+ */
+ public synchronized void addAci(DN dn, SortedSet<Aci> acis) {
+ aciList.put(dn, new LinkedList<Aci>(acis));
+ }
+
+ /**
* Add all of an entry's ACI (global or regular) attribute values to the
* ACI list.
* @param entry The entry containing the ACI attributes.
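Review bot: `addAci(DN, SortedSet<Aci>)` calls `aciList.put(dn, ...)`, which replaces any list already stored under `dn` instead of adding to it, so the method name and the Javadoc ("Add a set of ACIs") promise more than the code does. If ACIs can already be present under that DN when this runs, they would be dropped without any log message, which matters for an access-control list; whether that can happen is not visible in this hunk. Either merge with the existing entry or document the replacement, for example with `* Any ACIs previously stored under the DN are replaced.` The Javadoc also has a typo: "used a startup" should read "used at startup".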
--
Gitblit v1.10.0