From b2672995726bf9904cc8992d4a1e83f693eed446 Mon Sep 17 00:00:00 2001
From: Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Fri, 26 Jul 2013 13:06:46 +0000
Subject: [PATCH] Fixed checkstyle error in Aci. More ACI debugging/readability changes.
---
opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciTargets.java | 35 +++++++++--------
opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/Aci.java | 2
opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java | 36 ++++++++++++------
opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciBody.java | 5 ++
4 files changed, 47 insertions(+), 31 deletions(-)
diff --git a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/Aci.java b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/Aci.java
index 5ad8be5..ea77491 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/Aci.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/Aci.java
@@ -467,7 +467,7 @@
//matchCtx right does not contain either ACI_EXT_OP or ACI_CONTROL at
//this point.
if(aci.getTargets().getExtOp() != null
- || aci.getTargets().getTargetControl() != null) {
+ || aci.getTargets().getTargetControl() != null) {
return false;
}
return haveSimilarRights(aci, matchCtx) &&
diff --git a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciBody.java b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciBody.java
index 530b61e..25f9485 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciBody.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciBody.java
@@ -336,7 +336,10 @@
* needed in the actual evaluation of the ACI. This routine returns only the
* rights needed in the evaluation. The order does matter, ACI_SELF evaluation
* needs to be before ACI_WRITE.
- *
+ * <p>
+ * JNR: I find the implementation in this method dubious.
+ * @see EnumRight#hasRights(int, int)
+ *
* @param evalCtx The evaluation context to determine the rights of.
* @return The evaluation rights to used in the evaluation.
*/
diff --git a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
index a4d13e0..9f2f531 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
@@ -33,6 +33,7 @@
import java.net.InetAddress;
import java.security.cert.Certificate;
+import java.util.Collection;
import java.util.HashMap;
import java.util.List;
@@ -680,6 +681,10 @@
/**
* {@inheritDoc}
+ * <p>
+ * JNR: I find the implementation in this method dubious.
+ *
+ * @see EnumRight#hasRights(int, int)
*/
@Override
public boolean hasRights(int rights) {
@@ -853,6 +858,10 @@
/**
* {@inheritDoc}
+ * <p>
+ * JNR: I find the implementation in this method dubious.
+ *
+ * @see EnumRight#getEnumRight(int)
*/
@Override
public String rightToString() {
@@ -976,22 +985,16 @@
if (attributeType != null)
{
appendSeparatorIfNeeded(sb);
- sb.append(attributeType);
+ sb.append("attributeType: ").append(attributeType.getNameOrOID());
if (attributeValue != null)
{
- sb.append(":").append(attributeType);
+ sb.append(":").append(attributeValue);
}
}
- if (allowList != null)
- {
- appendSeparatorIfNeeded(sb);
- sb.append(allowList.size()).append(" allow ACIs");
- }
- if (denyList != null)
- {
- appendSeparatorIfNeeded(sb);
- sb.append(denyList.size()).append(" deny ACIs");
- }
+ appendSeparatorIfNeeded(sb);
+ sb.append(size(allowList)).append(" allow ACIs");
+ appendSeparatorIfNeeded(sb);
+ sb.append(size(denyList)).append(" deny ACIs");
if (evalReason != null)
{
appendSeparatorIfNeeded(sb);
@@ -1011,4 +1014,13 @@
sb.append(", ");
}
}
+
+ private int size(Collection<?> col)
+ {
+ if (col != null)
+ {
+ return col.size();
+ }
+ return 0;
+ }
}
diff --git a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciTargets.java b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciTargets.java
index 03f2670..7ff1cae 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciTargets.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciTargets.java
@@ -507,24 +507,24 @@
AciTargetMatchContext targetMatchCtx) {
boolean ret=true;
if(!targetMatchCtx.getTargAttrFiltersMatch()) {
- AciTargets targets=aci.getTargets();
- AttributeType a=targetMatchCtx.getCurrentAttributeType();
- int rights=targetMatchCtx.getRights();
+ TargetAttr targetAttr = aci.getTargets().getTargetAttr();
+ AttributeType attrType = targetMatchCtx.getCurrentAttributeType();
boolean isFirstAttr=targetMatchCtx.isFirstAttribute();
- if((a != null) && (targets.getTargetAttr() != null)) {
- ret=TargetAttr.isApplicable(a,targets.getTargetAttr());
- setEvalAttributes(targetMatchCtx,targets,ret);
- } else if((a != null) || (targets.getTargetAttr() != null)) {
- if((aci.hasRights(skipRights)) &&
- (skipRightsHasRights(rights)))
- ret=true;
- else if ((targets.getTargetAttr() != null) &&
- (a == null) && (aci.hasRights(ACI_WRITE)))
+
+ if (attrType != null && targetAttr != null) {
+ ret=TargetAttr.isApplicable(attrType,targetAttr);
+ setEvalAttributes(targetMatchCtx,targetAttr,ret);
+ } else if (attrType != null || targetAttr != null) {
+ if (aci.hasRights(skipRights)
+ && skipRightsHasRights(targetMatchCtx.getRights()))
+ ret = true;
+ else if (attrType == null && targetAttr != null
+ && aci.hasRights(ACI_WRITE))
ret = true;
else
ret = false;
}
- if((isFirstAttr) && (aci.getTargets().getTargetAttr() == null)
+ if (isFirstAttr && targetAttr == null
&& aci.getTargets().getTargAttrFilters() == null)
targetMatchCtx.setEntryTestRule(true);
}
@@ -660,12 +660,12 @@
*
*
* @param ctx The ctx to check against.
- * @param targets The targets part of the ACI.
+ * @param targetAttr The targetattrs part of the ACI.
* @param ret The is true if the ACI has already been evaluated to be
* applicable.
*/
private static
- void setEvalAttributes(AciTargetMatchContext ctx, AciTargets targets,
+ void setEvalAttributes(AciTargetMatchContext ctx, TargetAttr targetAttr,
boolean ret) {
ctx.clearEvalAttributes(ACI_USER_ATTR_STAR_MATCHED);
ctx.clearEvalAttributes(ACI_OP_ATTR_PLUS_MATCHED);
@@ -681,12 +681,13 @@
For example, the expression is: (targetattrs="cn || +) and the current
attribute type is cn.
*/
- if(ret && targets.getTargetAttr().isAllUserAttributes() &&
+ if(ret && targetAttr.isAllUserAttributes() &&
!ctx.hasEvalUserAttributes())
ctx.setEvalUserAttributes(ACI_USER_ATTR_STAR_MATCHED);
else
ctx.setEvalUserAttributes(ACI_FOUND_USER_ATTR_RULE);
- if(ret && targets.getTargetAttr().isAllOpAttributes() &&
+
+ if(ret && targetAttr.isAllOpAttributes() &&
!ctx.hasEvalOpAttributes())
ctx.setEvalOpAttributes(ACI_OP_ATTR_PLUS_MATCHED);
else
--
Gitblit v1.10.0