From 9f214a54f4f3431c95cd622ed73e9dfbb03b29a3 Mon Sep 17 00:00:00 2001
From: Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Tue, 23 Jul 2013 13:39:53 +0000
Subject: [PATCH] AciEffectiveRights.java: Changed the signature of createSummary() to return the summary string and remove the srcStr parameter. Extracted methods getEvalReason() and getDecidingAci() from createSummary().
---
opends/src/server/org/opends/server/authorization/dseecompat/AciEffectiveRights.java | 68 +++++++++++++++++++++------------
opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java | 50 ++++++++----------------
2 files changed, 60 insertions(+), 58 deletions(-)
diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/AciEffectiveRights.java b/opends/src/server/org/opends/server/authorization/dseecompat/AciEffectiveRights.java
index b6ac7a7..52cc9d3 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/AciEffectiveRights.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/AciEffectiveRights.java
@@ -461,7 +461,7 @@
if(skipCheck && container.isAuthzidAuthorizationDN()) {
resString.append("write").append(":1");
container.setEvaluationResult(EnumEvalReason.SKIP_ACI, null);
- createSummary(container, true, "main");
+ container.setEvalSummary(createSummary(container, true));
} else {
// Reset everything.
container.resetEffectiveRightsParams();
@@ -580,7 +580,7 @@
if(skipCheck && container.isAuthzidAuthorizationDN()) {
resString.append(rightStr).append(":1");
container.setEvaluationResult(EnumEvalReason.SKIP_ACI, null);
- createSummary(container, true, "main");
+ container.setEvalSummary(createSummary(container, true));
} else {
boolean ret;
//Check if read right check, if so do accessAllowedEntry.
@@ -703,29 +703,18 @@
*
* @param evalCtx The evaluation context to gather information from.
* @param evalRet The value returned from the access evaluation.
- * @param srcStr String that can be used to specify where the summary call's
- * origin is.
+ * @return A summary of the ACI evaluation
*/
- public static
- void createSummary(AciEvalContext evalCtx, boolean evalRet, String srcStr) {
- String accessStatus=NOT_ALLOWED;
- if(evalRet)
- accessStatus=ALLOWED;
- String accessReason="";
- StringBuilder decideAci=new StringBuilder("");
+ public static String createSummary(AciEvalContext evalCtx, boolean evalRet)
+ {
+ String srcStr = "main";
+ String accessStatus = evalRet ? ALLOWED : NOT_ALLOWED;
+
//Try and determine what reason string to use.
- if(evalCtx.getEvalReason() == EnumEvalReason.EVALUATED_ALLOW_ACI) {
- accessReason=EVALUATED_ALLOW;
- decideAci.append(", deciding_aci: ").append(evalCtx.getDecidingAciName());
- } else if(evalCtx.getEvalReason() == EnumEvalReason.EVALUATED_DENY_ACI) {
- accessReason=EVALUATED_DENY;
- decideAci.append(", deciding_aci: ").append(evalCtx.getDecidingAciName());
- } else if(evalCtx.getEvalReason() == EnumEvalReason.NO_ALLOW_ACIS)
- accessReason=NO_ALLOWS;
- else if(evalCtx.getEvalReason() == EnumEvalReason.NO_MATCHED_ALLOWS_ACIS)
- accessReason=NO_ALLOWS_MATCHED;
- else if(evalCtx.getEvalReason() == EnumEvalReason.SKIP_ACI)
- accessReason=SKIP_ACI;
+ String accessReason = getEvalReason(evalCtx.getEvalReason());
+ StringBuilder decideAci =
+ getDecidingAci(evalCtx.getEvalReason(), evalCtx.getDecidingAciName());
+
//Only manipulate the evaluation context's targattrfilters ACI name
//if not a selfwrite evaluation and the context's targattrfilter match
//hashtable is not empty.
@@ -765,10 +754,39 @@
attrStr=aType.getPrimaryName();
if(evalCtx.getTargAttrFiltersAciName() != null)
decideAci.append(", access depends on attr value");
- String summaryStr = String.format(summaryFormatStr, srcStr, accessStatus,
+ return String.format(summaryFormatStr, srcStr, accessStatus,
right,evalCtx.getResourceDN().toString(),attrStr, user,
accessReason, decideAci.toString());
- evalCtx.setEvalSummary(summaryStr);
+ }
+
+ private static String getEvalReason(EnumEvalReason evalReason)
+ {
+ if (evalReason == EnumEvalReason.EVALUATED_ALLOW_ACI)
+ return EVALUATED_ALLOW;
+ else if (evalReason == EnumEvalReason.EVALUATED_DENY_ACI)
+ return EVALUATED_DENY;
+ else if (evalReason == EnumEvalReason.NO_ALLOW_ACIS)
+ return NO_ALLOWS;
+ else if (evalReason == EnumEvalReason.NO_MATCHED_ALLOWS_ACIS)
+ return NO_ALLOWS_MATCHED;
+ else if (evalReason == EnumEvalReason.SKIP_ACI)
+ return SKIP_ACI;
+ return "";
+ }
+
+ private static StringBuilder getDecidingAci(EnumEvalReason evalReason,
+ String decidingAciName)
+ {
+ StringBuilder decideAci = new StringBuilder();
+ if (evalReason == EnumEvalReason.EVALUATED_ALLOW_ACI)
+ {
+ decideAci.append(", deciding_aci: ").append(decidingAciName);
+ }
+ else if (evalReason == EnumEvalReason.EVALUATED_DENY_ACI)
+ {
+ decideAci.append(", deciding_aci: ").append(decidingAciName);
+ }
+ return decideAci;
}
/**
diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java b/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
index 68c06da..077f333 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
@@ -128,34 +128,11 @@
*/
private static void initStatics()
{
- if ((aciType = DirectoryServer.getAttributeType("aci")) == null)
- {
- aciType = DirectoryServer.getDefaultAttributeType("aci");
- }
+ aciType = getAttributeType("aci");
+ globalAciType = getAttributeType(ATTR_AUTHZ_GLOBAL_ACI);
+ debugSearchIndex = getAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX);
+ refAttrType = getAttributeType(ATTR_REFERRAL_URL);
- if ((globalAciType =
- DirectoryServer.getAttributeType(ATTR_AUTHZ_GLOBAL_ACI)) == null)
- {
- globalAciType =
- DirectoryServer
- .getDefaultAttributeType(ATTR_AUTHZ_GLOBAL_ACI);
- }
-
- if ((debugSearchIndex =
- DirectoryServer
- .getAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX)) == null)
- {
- debugSearchIndex =
- DirectoryServer
- .getDefaultAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX);
- }
-
- if ((refAttrType =
- DirectoryServer.getAttributeType(ATTR_REFERRAL_URL)) == null)
- {
- refAttrType =
- DirectoryServer.getDefaultAttributeType(ATTR_REFERRAL_URL);
- }
try
{
debugSearchIndexDN = DN.decode("cn=debugsearch");
@@ -166,6 +143,16 @@
}
}
+ private static AttributeType getAttributeType(String name)
+ {
+ AttributeType attrType = DirectoryServer.getAttributeType(name);
+ if (attrType == null)
+ {
+ attrType = DirectoryServer.getDefaultAttributeType(name);
+ }
+ return attrType;
+ }
+
/**
@@ -387,11 +374,7 @@
baseName = toLowerCase(rawAttributeType);
}
- AttributeType attributeType = DirectoryServer.getAttributeType(baseName);
- if (attributeType == null)
- {
- attributeType = DirectoryServer.getDefaultAttributeType(baseName);
- }
+ AttributeType attributeType = getAttributeType(baseName);
AttributeValue attributeValue =
AttributeValues.create(attributeType, operation
@@ -722,7 +705,8 @@
// Build summary string if doing geteffectiverights eval.
if (container.isGetEffectiveRightsEval())
{
- AciEffectiveRights.createSummary(container, ret, "main");
+ container.setEvalSummary(
+ AciEffectiveRights.createSummary(container, ret));
}
return ret;
}
--
Gitblit v1.10.0