From d5f00e7d9877e6f33c400fe4e214eb19f528f74e Mon Sep 17 00:00:00 2001
From: Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Tue, 04 Nov 2014 09:22:31 +0000
Subject: [PATCH] OPENDJ-1545 Remove Workflow, NetworkGroups and related attempts at building a proxy
---
/dev/null | 202 -----------
opendj3-server-dev/resource/config/config.ldif | 21 -
opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/MockClientConnection.java | 22
opendj-server2x-adapter/src/test/resources/config/config.ldif | 37 --
opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/RootConfiguration.xml | 12
opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/NetworkGroupTest.java | 212 -----------
opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/BindDNConnectionCriteriaTest.java | 9
opendj3-server-dev/src/server/org/opends/server/core/networkgroups/NetworkGroup.java | 450 --------------------------
opendj-config-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/RootConfiguration.xml | 12
opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/IPConnectionCriteriaTest.java | 5
opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/SecurityConnectionCriteriaTest.java | 9
11 files changed, 21 insertions(+), 970 deletions(-)
diff --git a/opendj-config-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/NetworkGroupConfiguration.xml b/opendj-config-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/NetworkGroupConfiguration.xml
deleted file mode 100644
index 10e5994..0000000
--- a/opendj-config-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/NetworkGroupConfiguration.xml
+++ /dev/null
@@ -1,270 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
- ! CDDL HEADER START
- !
- ! The contents of this file are subject to the terms of the
- ! Common Development and Distribution License, Version 1.0 only
- ! (the "License"). You may not use this file except in compliance
- ! with the License.
- !
- ! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
- ! or http://forgerock.org/license/CDDLv1.0.html.
- ! See the License for the specific language governing permissions
- ! and limitations under the License.
- !
- ! When distributing Covered Code, include this CDDL HEADER in each
- ! file and include the License file at legal-notices/CDDLv1_0.txt.
- ! If applicable, add the following below this CDDL HEADER, with the
- ! fields enclosed by brackets "[]" replaced with your own identifying
- ! information:
- ! Portions Copyright [yyyy] [name of copyright owner]
- !
- ! CDDL HEADER END
- !
- !
- ! Copyright 2007-2009 Sun Microsystems, Inc.
- ! Portions copyright 2013-2014 ForgeRock AS.
- ! -->
-<adm:managed-object name="network-group"
- plural-name="network-groups"
- package="org.forgerock.opendj.server.config"
- xmlns:adm="http://opendj.forgerock.org/admin"
- xmlns:ldap="http://opendj.forgerock.org/admin-ldap">
- <adm:synopsis>
- The
- <adm:user-friendly-name/>
- is used to classify incoming client connections and route requests to
- workflows.
- </adm:synopsis>
- <adm:tag name="core-server"/>
- <adm:profile name="ldap">
- <ldap:object-class>
- <ldap:name>ds-cfg-network-group</ldap:name>
- <ldap:superior>top</ldap:superior>
- </ldap:object-class>
- </adm:profile>
- <adm:relation name="network-group-qos-policy"
- managed-object-name="qos-policy"
- hidden="true">
- <adm:synopsis>
- Specifies the set of quality of service (QoS) policies enforced by
- the
- <adm:user-friendly-name/>
- .
- </adm:synopsis>
- <adm:description>
- All client connections belonging to the
- <adm:user-friendly-name/>
- will comply with its policies.
- </adm:description>
- <adm:one-to-many unique="true"
- plural-name="network-group-qos-policies"/>
- <adm:profile name="ldap">
- <ldap:rdn-sequence>cn=QoS Policies</ldap:rdn-sequence>
- </adm:profile>
- </adm:relation>
- <adm:property name="enabled" mandatory="true">
- <adm:synopsis>
- Indicates whether the
- <adm:user-friendly-name/>
- is enabled for use in the server.
- </adm:synopsis>
- <adm:description>
- If a
- <adm:user-friendly-name/>
- is not enabled then its workflows will not be accessible when
- processing operations.
- </adm:description>
- <adm:syntax>
- <adm:boolean/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-enabled</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="priority" mandatory="true">
- <adm:synopsis>
- Specifies the priority for this <adm:user-friendly-name/>.
- </adm:synopsis>
- <adm:description>
- A client connection is first compared against the
- <adm:user-friendly-name/>
- with the lowest priority. If the client connection does not match
- its connection criteria, then the client connection is compared against
- the
- <adm:user-friendly-name/>
- with next lowest priority, and so on. If no
- <adm:user-friendly-name/>
- is selected then the client connection is rejected.
- </adm:description>
- <adm:syntax>
- <adm:integer lower-limit="0"/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-priority</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="allowed-auth-method" multi-valued="true">
- <adm:synopsis>
- Specifies a set of allowed authorization methods that clients
- must use in order to establish connections to this
- <adm:user-friendly-name/>.
- </adm:synopsis>
- <adm:requires-admin-action>
- <adm:none>
- <adm:synopsis>
- Changes to this property take effect immediately and do not
- interfere with connections that may have already been
- established.
- </adm:synopsis>
- </adm:none>
- </adm:requires-admin-action>
- <adm:default-behavior>
- <adm:alias>
- <adm:synopsis>
- All authorization methods are allowed.
- </adm:synopsis>
- </adm:alias>
- </adm:default-behavior>
- <adm:syntax>
- <adm:enumeration>
- <adm:value name="anonymous">
- <adm:synopsis>
- Unauthorized clients.
- </adm:synopsis>
- </adm:value>
- <adm:value name="simple">
- <adm:synopsis>
- Clients who bind using simple authentication (name and password).
- </adm:synopsis>
- </adm:value>
- <adm:value name="sasl">
- <adm:synopsis>
- Clients who bind using SASL/external certificate based
- authentication.
- </adm:synopsis>
- </adm:value>
- </adm:enumeration>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-allowed-auth-method</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="allowed-protocol" multi-valued="true">
- <adm:synopsis>
- Specifies a set of allowed supported protocols that clients
- must use in order to establish connections to this
- <adm:user-friendly-name/>.
- </adm:synopsis>
- <adm:requires-admin-action>
- <adm:none>
- <adm:synopsis>
- Changes to this property take effect immediately and do not
- interfere with connections that may have already been
- established.
- </adm:synopsis>
- </adm:none>
- </adm:requires-admin-action>
- <adm:default-behavior>
- <adm:alias>
- <adm:synopsis>
- All supported protocols are allowed.
- </adm:synopsis>
- </adm:alias>
- </adm:default-behavior>
- <adm:syntax>
- <adm:enumeration>
- <adm:value name="ldap">
- <adm:synopsis>
- Clients using LDAP are allowed.
- </adm:synopsis>
- </adm:value>
- <adm:value name="ldaps">
- <adm:synopsis>
- Clients using LDAPS are allowed.
- </adm:synopsis>
- </adm:value>
- </adm:enumeration>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-allowed-protocol</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="allowed-bind-dn" multi-valued="true">
- <adm:synopsis>
- Specifies a set of bind DN patterns that determine the
- clients that are allowed to establish connections to this
- <adm:user-friendly-name/>.
- </adm:synopsis>
- <adm:description>
- Valid bind DN filters are strings composed of zero or more
- wildcards. A double wildcard ** replaces one or more RDN
- components (as in uid=dmiller,**,dc=example,dc=com). A simple
- wildcard * replaces either a whole RDN, or a whole type, or a
- value substring (as in uid=bj*,ou=people,dc=example,dc=com).
- </adm:description>
- <adm:requires-admin-action>
- <adm:none>
- <adm:synopsis>
- Changes to this property take effect immediately and do not
- interfere with connections that may have already been
- established.
- </adm:synopsis>
- </adm:none>
- </adm:requires-admin-action>
- <adm:default-behavior>
- <adm:alias>
- <adm:synopsis>
- All bind DNs are allowed.
- </adm:synopsis>
- </adm:alias>
- </adm:default-behavior>
- <adm:syntax>
- <adm:string />
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-allowed-bind-dn</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property-reference name="allowed-client" />
- <adm:property-reference name="denied-client" />
- <adm:property name="is-security-mandatory">
- <adm:synopsis>
- Specifies whether or not a secured client connection
- is required in order for clients to establish connections
- to this <adm:user-friendly-name/>.
- </adm:synopsis>
- <adm:requires-admin-action>
- <adm:none>
- <adm:synopsis>
- Changes to this property take effect immediately and do not
- interfere with connections that may have already been
- established.
- </adm:synopsis>
- </adm:none>
- </adm:requires-admin-action>
- <adm:default-behavior>
- <adm:defined>
- <adm:value>false</adm:value>
- </adm:defined>
- </adm:default-behavior>
- <adm:syntax>
- <adm:boolean />
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-is-security-mandatory</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
-</adm:managed-object>
diff --git a/opendj-config-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/NetworkGroupPluginConfiguration.xml b/opendj-config-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/NetworkGroupPluginConfiguration.xml
deleted file mode 100644
index f5a6a94..0000000
--- a/opendj-config-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/NetworkGroupPluginConfiguration.xml
+++ /dev/null
@@ -1,83 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
- ! CDDL HEADER START
- !
- ! The contents of this file are subject to the terms of the
- ! Common Development and Distribution License, Version 1.0 only
- ! (the "License"). You may not use this file except in compliance
- ! with the License.
- !
- ! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
- ! or http://forgerock.org/license/CDDLv1.0.html.
- ! See the License for the specific language governing permissions
- ! and limitations under the License.
- !
- ! When distributing Covered Code, include this CDDL HEADER in each
- ! file and include the License file at legal-notices/CDDLv1_0.txt.
- ! If applicable, add the following below this CDDL HEADER, with the
- ! fields enclosed by brackets "[]" replaced with your own identifying
- ! information:
- ! Portions Copyright [yyyy] [name of copyright owner]
- !
- ! CDDL HEADER END
- !
- !
- ! Copyright 2007-2009 Sun Microsystems, Inc.
- ! -->
-<adm:managed-object name="network-group-plugin"
- plural-name="network-group-plugins" package="org.forgerock.opendj.server.config"
- extends="plugin" xmlns:adm="http://opendj.forgerock.org/admin"
- xmlns:ldap="http://opendj.forgerock.org/admin-ldap"
- hidden="true">
-
- <adm:synopsis>
- The
- <adm:user-friendly-name />
- allows to group connections into different network groups and
- enforce specific resource limit policies for each network group.
- </adm:synopsis>
-
- <adm:description>
- The
- <adm:user-friendly-name />
- creates network groups based on client connection criteria. Each network
- group defines resource limit policies applied to all its connections.
- </adm:description>
-
- <adm:profile name="ldap">
- <ldap:object-class>
- <ldap:name>ds-cfg-network-group-plugin</ldap:name>
- <ldap:superior>ds-cfg-plugin</ldap:superior>
- </ldap:object-class>
- </adm:profile>
-
- <adm:property-override name="java-class" advanced="true">
- <adm:default-behavior>
- <adm:defined>
- <adm:value>
- org.opends.server.core.networkgroups.NetworkGroupPlugin
- </adm:value>
- </adm:defined>
- </adm:default-behavior>
- </adm:property-override>
-
- <adm:property-override name="plugin-type" advanced="true">
- <adm:default-behavior>
- <adm:defined>
- <adm:value>postconnect</adm:value>
- <adm:value>preparseadd</adm:value>
- <adm:value>preparsebind</adm:value>
- <adm:value>preparsecompare</adm:value>
- <adm:value>preparsedelete</adm:value>
- <adm:value>preparseextended</adm:value>
- <adm:value>preparsemodify</adm:value>
- <adm:value>preparsemodifydn</adm:value>
- <adm:value>preparsesearch</adm:value>
- <adm:value>preparseunbind</adm:value>
- <adm:value>postresponsebind</adm:value>
- <adm:value>postresponseextended</adm:value>
- </adm:defined>
- </adm:default-behavior>
- </adm:property-override>
-
-</adm:managed-object>
diff --git a/opendj-config-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/RootConfiguration.xml b/opendj-config-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/RootConfiguration.xml
index e9ff924..cfb48e9 100644
--- a/opendj-config-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/RootConfiguration.xml
+++ b/opendj-config-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/RootConfiguration.xml
@@ -427,18 +427,6 @@
</cli:relation>
</adm:profile>
</adm:relation>
- <adm:relation name="network-group" hidden="true">
- <adm:one-to-many />
- <adm:profile name="ldap">
- <ldap:rdn-sequence>cn=Network Groups,cn=config</ldap:rdn-sequence>
- </adm:profile>
- <adm:profile name="cli">
- <cli:relation>
- <cli:default-property name="enabled" />
- <cli:default-property name="priority" />
- </cli:relation>
- </adm:profile>
- </adm:relation>
<adm:relation name="administration-connector">
<adm:one-to-one />
<adm:profile name="ldap">
diff --git a/opendj-server2x-adapter/src/test/resources/config/config.ldif b/opendj-server2x-adapter/src/test/resources/config/config.ldif
index c112e5e..7a28b1f 100644
--- a/opendj-server2x-adapter/src/test/resources/config/config.ldif
+++ b/opendj-server2x-adapter/src/test/resources/config/config.ldif
@@ -1877,27 +1877,6 @@
ds-cfg-type: uid
ds-cfg-invoke-for-internal-operations: true
-dn: cn=Network Group,cn=Plugins,cn=config
-objectClass: top
-objectClass: ds-cfg-plugin
-objectClass: ds-cfg-network-group-plugin
-cn: Network Group
-ds-cfg-java-class: org.opends.server.core.networkgroups.NetworkGroupPlugin
-ds-cfg-enabled: true
-ds-cfg-invoke-for-internal-operations: false
-ds-cfg-plugin-type: postConnect
-ds-cfg-plugin-type: preParseAdd
-ds-cfg-plugin-type: preParseBind
-ds-cfg-plugin-type: preParseCompare
-ds-cfg-plugin-type: preParseDelete
-ds-cfg-plugin-type: preParseExtended
-ds-cfg-plugin-type: preParseModify
-ds-cfg-plugin-type: preParseModifyDn
-ds-cfg-plugin-type: preParseSearch
-ds-cfg-plugin-type: preParseUnbind
-ds-cfg-plugin-type: postResponseBind
-ds-cfg-plugin-type: postResponseExtended
-
dn: cn=Change Number Control,cn=Plugins,cn=config
objectClass: top
objectClass: ds-cfg-plugin
@@ -2614,19 +2593,3 @@
objectClass: top
objectClass: ds-cfg-branch
cn: Extensions
-
-dn: cn=Network Groups,cn=config
-objectClass: top
-objectClass: ds-cfg-branch
-cn: Network Groups
-
-dn: cn=Workflows,cn=config
-objectClass: top
-objectClass: ds-cfg-branch
-cn: Workflows
-
-dn: cn=Workflow Elements,cn=config
-objectClass: top
-objectClass: ds-cfg-branch
-cn: Workflow Elements
-
diff --git a/opendj3-server-dev/resource/config/config.ldif b/opendj3-server-dev/resource/config/config.ldif
index 7b558a1..6ee45c7 100644
--- a/opendj3-server-dev/resource/config/config.ldif
+++ b/opendj3-server-dev/resource/config/config.ldif
@@ -1897,27 +1897,6 @@
ds-cfg-type: uid
ds-cfg-invoke-for-internal-operations: true
-dn: cn=Network Group,cn=Plugins,cn=config
-objectClass: top
-objectClass: ds-cfg-plugin
-objectClass: ds-cfg-network-group-plugin
-cn: Network Group
-ds-cfg-java-class: org.opends.server.core.networkgroups.NetworkGroupPlugin
-ds-cfg-enabled: true
-ds-cfg-invoke-for-internal-operations: false
-ds-cfg-plugin-type: postConnect
-ds-cfg-plugin-type: preParseAdd
-ds-cfg-plugin-type: preParseBind
-ds-cfg-plugin-type: preParseCompare
-ds-cfg-plugin-type: preParseDelete
-ds-cfg-plugin-type: preParseExtended
-ds-cfg-plugin-type: preParseModify
-ds-cfg-plugin-type: preParseModifyDn
-ds-cfg-plugin-type: preParseSearch
-ds-cfg-plugin-type: preParseUnbind
-ds-cfg-plugin-type: postResponseBind
-ds-cfg-plugin-type: postResponseExtended
-
dn: cn=Change Number Control,cn=Plugins,cn=config
objectClass: top
objectClass: ds-cfg-plugin
diff --git a/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/NetworkGroupConfiguration.xml b/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/NetworkGroupConfiguration.xml
deleted file mode 100644
index 6fabaf3..0000000
--- a/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/NetworkGroupConfiguration.xml
+++ /dev/null
@@ -1,270 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
- ! CDDL HEADER START
- !
- ! The contents of this file are subject to the terms of the
- ! Common Development and Distribution License, Version 1.0 only
- ! (the "License"). You may not use this file except in compliance
- ! with the License.
- !
- ! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
- ! or http://forgerock.org/license/CDDLv1.0.html.
- ! See the License for the specific language governing permissions
- ! and limitations under the License.
- !
- ! When distributing Covered Code, include this CDDL HEADER in each
- ! file and include the License file at legal-notices/CDDLv1_0.txt.
- ! If applicable, add the following below this CDDL HEADER, with the
- ! fields enclosed by brackets "[]" replaced with your own identifying
- ! information:
- ! Portions Copyright [yyyy] [name of copyright owner]
- !
- ! CDDL HEADER END
- !
- !
- ! Copyright 2007-2009 Sun Microsystems, Inc.
- ! Portions copyright 2013-2014 ForgeRock AS.
- ! -->
-<adm:managed-object name="network-group"
- plural-name="network-groups"
- package="org.opends.server.admin.std"
- xmlns:adm="http://www.opends.org/admin"
- xmlns:ldap="http://www.opends.org/admin-ldap">
- <adm:synopsis>
- The
- <adm:user-friendly-name/>
- is used to classify incoming client connections and route requests to
- workflows.
- </adm:synopsis>
- <adm:tag name="core-server"/>
- <adm:profile name="ldap">
- <ldap:object-class>
- <ldap:name>ds-cfg-network-group</ldap:name>
- <ldap:superior>top</ldap:superior>
- </ldap:object-class>
- </adm:profile>
- <adm:relation name="network-group-qos-policy"
- managed-object-name="qos-policy"
- hidden="true">
- <adm:synopsis>
- Specifies the set of quality of service (QoS) policies enforced by
- the
- <adm:user-friendly-name/>
- .
- </adm:synopsis>
- <adm:description>
- All client connections belonging to the
- <adm:user-friendly-name/>
- will comply with its policies.
- </adm:description>
- <adm:one-to-many unique="true"
- plural-name="network-group-qos-policies"/>
- <adm:profile name="ldap">
- <ldap:rdn-sequence>cn=QoS Policies</ldap:rdn-sequence>
- </adm:profile>
- </adm:relation>
- <adm:property name="enabled" mandatory="true">
- <adm:synopsis>
- Indicates whether the
- <adm:user-friendly-name/>
- is enabled for use in the server.
- </adm:synopsis>
- <adm:description>
- If a
- <adm:user-friendly-name/>
- is not enabled then its workflows will not be accessible when
- processing operations.
- </adm:description>
- <adm:syntax>
- <adm:boolean/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-enabled</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="priority" mandatory="true">
- <adm:synopsis>
- Specifies the priority for this <adm:user-friendly-name/>.
- </adm:synopsis>
- <adm:description>
- A client connection is first compared against the
- <adm:user-friendly-name/>
- with the lowest priority. If the client connection does not match
- its connection criteria, then the client connection is compared against
- the
- <adm:user-friendly-name/>
- with next lowest priority, and so on. If no
- <adm:user-friendly-name/>
- is selected then the client connection is rejected.
- </adm:description>
- <adm:syntax>
- <adm:integer lower-limit="0"/>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-priority</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="allowed-auth-method" multi-valued="true">
- <adm:synopsis>
- Specifies a set of allowed authorization methods that clients
- must use in order to establish connections to this
- <adm:user-friendly-name/>.
- </adm:synopsis>
- <adm:requires-admin-action>
- <adm:none>
- <adm:synopsis>
- Changes to this property take effect immediately and do not
- interfere with connections that may have already been
- established.
- </adm:synopsis>
- </adm:none>
- </adm:requires-admin-action>
- <adm:default-behavior>
- <adm:alias>
- <adm:synopsis>
- All authorization methods are allowed.
- </adm:synopsis>
- </adm:alias>
- </adm:default-behavior>
- <adm:syntax>
- <adm:enumeration>
- <adm:value name="anonymous">
- <adm:synopsis>
- Unauthorized clients.
- </adm:synopsis>
- </adm:value>
- <adm:value name="simple">
- <adm:synopsis>
- Clients who bind using simple authentication (name and password).
- </adm:synopsis>
- </adm:value>
- <adm:value name="sasl">
- <adm:synopsis>
- Clients who bind using SASL/external certificate based
- authentication.
- </adm:synopsis>
- </adm:value>
- </adm:enumeration>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-allowed-auth-method</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="allowed-protocol" multi-valued="true">
- <adm:synopsis>
- Specifies a set of allowed supported protocols that clients
- must use in order to establish connections to this
- <adm:user-friendly-name/>.
- </adm:synopsis>
- <adm:requires-admin-action>
- <adm:none>
- <adm:synopsis>
- Changes to this property take effect immediately and do not
- interfere with connections that may have already been
- established.
- </adm:synopsis>
- </adm:none>
- </adm:requires-admin-action>
- <adm:default-behavior>
- <adm:alias>
- <adm:synopsis>
- All supported protocols are allowed.
- </adm:synopsis>
- </adm:alias>
- </adm:default-behavior>
- <adm:syntax>
- <adm:enumeration>
- <adm:value name="ldap">
- <adm:synopsis>
- Clients using LDAP are allowed.
- </adm:synopsis>
- </adm:value>
- <adm:value name="ldaps">
- <adm:synopsis>
- Clients using LDAPS are allowed.
- </adm:synopsis>
- </adm:value>
- </adm:enumeration>
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-allowed-protocol</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property name="allowed-bind-dn" multi-valued="true">
- <adm:synopsis>
- Specifies a set of bind DN patterns that determine the
- clients that are allowed to establish connections to this
- <adm:user-friendly-name/>.
- </adm:synopsis>
- <adm:description>
- Valid bind DN filters are strings composed of zero or more
- wildcards. A double wildcard ** replaces one or more RDN
- components (as in uid=dmiller,**,dc=example,dc=com). A simple
- wildcard * replaces either a whole RDN, or a whole type, or a
- value substring (as in uid=bj*,ou=people,dc=example,dc=com).
- </adm:description>
- <adm:requires-admin-action>
- <adm:none>
- <adm:synopsis>
- Changes to this property take effect immediately and do not
- interfere with connections that may have already been
- established.
- </adm:synopsis>
- </adm:none>
- </adm:requires-admin-action>
- <adm:default-behavior>
- <adm:alias>
- <adm:synopsis>
- All bind DNs are allowed.
- </adm:synopsis>
- </adm:alias>
- </adm:default-behavior>
- <adm:syntax>
- <adm:string />
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-allowed-bind-dn</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
- <adm:property-reference name="allowed-client" />
- <adm:property-reference name="denied-client" />
- <adm:property name="is-security-mandatory">
- <adm:synopsis>
- Specifies whether or not a secured client connection
- is required in order for clients to establish connections
- to this <adm:user-friendly-name/>.
- </adm:synopsis>
- <adm:requires-admin-action>
- <adm:none>
- <adm:synopsis>
- Changes to this property take effect immediately and do not
- interfere with connections that may have already been
- established.
- </adm:synopsis>
- </adm:none>
- </adm:requires-admin-action>
- <adm:default-behavior>
- <adm:defined>
- <adm:value>false</adm:value>
- </adm:defined>
- </adm:default-behavior>
- <adm:syntax>
- <adm:boolean />
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-is-security-mandatory</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
-</adm:managed-object>
diff --git a/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/NetworkGroupPluginConfiguration.xml b/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/NetworkGroupPluginConfiguration.xml
deleted file mode 100644
index 70f21d0..0000000
--- a/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/NetworkGroupPluginConfiguration.xml
+++ /dev/null
@@ -1,83 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
- ! CDDL HEADER START
- !
- ! The contents of this file are subject to the terms of the
- ! Common Development and Distribution License, Version 1.0 only
- ! (the "License"). You may not use this file except in compliance
- ! with the License.
- !
- ! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
- ! or http://forgerock.org/license/CDDLv1.0.html.
- ! See the License for the specific language governing permissions
- ! and limitations under the License.
- !
- ! When distributing Covered Code, include this CDDL HEADER in each
- ! file and include the License file at legal-notices/CDDLv1_0.txt.
- ! If applicable, add the following below this CDDL HEADER, with the
- ! fields enclosed by brackets "[]" replaced with your own identifying
- ! information:
- ! Portions Copyright [yyyy] [name of copyright owner]
- !
- ! CDDL HEADER END
- !
- !
- ! Copyright 2007-2009 Sun Microsystems, Inc.
- ! -->
-<adm:managed-object name="network-group-plugin"
- plural-name="network-group-plugins" package="org.opends.server.admin.std"
- extends="plugin" xmlns:adm="http://www.opends.org/admin"
- xmlns:ldap="http://www.opends.org/admin-ldap"
- hidden="true">
-
- <adm:synopsis>
- The
- <adm:user-friendly-name />
- allows to group connections into different network groups and
- enforce specific resource limit policies for each network group.
- </adm:synopsis>
-
- <adm:description>
- The
- <adm:user-friendly-name />
- creates network groups based on client connection criteria. Each network
- group defines resource limit policies applied to all its connections.
- </adm:description>
-
- <adm:profile name="ldap">
- <ldap:object-class>
- <ldap:name>ds-cfg-network-group-plugin</ldap:name>
- <ldap:superior>ds-cfg-plugin</ldap:superior>
- </ldap:object-class>
- </adm:profile>
-
- <adm:property-override name="java-class" advanced="true">
- <adm:default-behavior>
- <adm:defined>
- <adm:value>
- org.opends.server.core.networkgroups.NetworkGroupPlugin
- </adm:value>
- </adm:defined>
- </adm:default-behavior>
- </adm:property-override>
-
- <adm:property-override name="plugin-type" advanced="true">
- <adm:default-behavior>
- <adm:defined>
- <adm:value>postconnect</adm:value>
- <adm:value>preparseadd</adm:value>
- <adm:value>preparsebind</adm:value>
- <adm:value>preparsecompare</adm:value>
- <adm:value>preparsedelete</adm:value>
- <adm:value>preparseextended</adm:value>
- <adm:value>preparsemodify</adm:value>
- <adm:value>preparsemodifydn</adm:value>
- <adm:value>preparsesearch</adm:value>
- <adm:value>preparseunbind</adm:value>
- <adm:value>postresponsebind</adm:value>
- <adm:value>postresponseextended</adm:value>
- </adm:defined>
- </adm:default-behavior>
- </adm:property-override>
-
-</adm:managed-object>
diff --git a/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/RootConfiguration.xml b/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/RootConfiguration.xml
index fbac903..40c6ab3 100644
--- a/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/RootConfiguration.xml
+++ b/opendj3-server-dev/src/admin/defn/org/opends/server/admin/std/RootConfiguration.xml
@@ -427,18 +427,6 @@
</cli:relation>
</adm:profile>
</adm:relation>
- <adm:relation name="network-group" hidden="true">
- <adm:one-to-many />
- <adm:profile name="ldap">
- <ldap:rdn-sequence>cn=Network Groups,cn=config</ldap:rdn-sequence>
- </adm:profile>
- <adm:profile name="cli">
- <cli:relation>
- <cli:default-property name="enabled" />
- <cli:default-property name="priority" />
- </cli:relation>
- </adm:profile>
- </adm:relation>
<adm:relation name="administration-connector">
<adm:one-to-one />
<adm:profile name="ldap">
diff --git a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/AuthMethodConnectionCriteria.java b/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/AuthMethodConnectionCriteria.java
deleted file mode 100644
index cdc52f4..0000000
--- a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/AuthMethodConnectionCriteria.java
+++ /dev/null
@@ -1,141 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
- * or http://forgerock.org/license/CDDLv1.0.html.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at legal-notices/CDDLv1_0.txt.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information:
- * Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- *
- *
- * Copyright 2009 Sun Microsystems, Inc.
- */
-package org.opends.server.core.networkgroups;
-
-
-
-import java.util.Collection;
-import java.util.EnumSet;
-import java.util.Set;
-
-import org.opends.server.admin.std.meta.NetworkGroupCfgDefn.AllowedAuthMethod;
-import org.opends.server.api.ClientConnection;
-import org.opends.server.types.AuthenticationInfo;
-import org.opends.server.types.AuthenticationType;
-import org.opends.server.types.DN;
-
-
-
-/**
- * A connection criteria which matches connections authenticated using a
- * permitted authentication method.
- */
-
-final class AuthMethodConnectionCriteria implements ConnectionCriteria
-{
-
- // The set of allowed authentication methods.
- private final Set<AllowedAuthMethod> authMethods;
-
-
-
- /**
- * Creates a new authentication method connection criteria using the
- * provided allowed authentication methods.
- *
- * @param authMethods
- * The allowed authentication methods.
- */
- public AuthMethodConnectionCriteria(
- Collection<AllowedAuthMethod> authMethods)
- {
- this.authMethods = EnumSet.copyOf(authMethods);
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- public boolean matches(ClientConnection connection)
- {
- AuthenticationInfo authInfo = connection.getAuthenticationInfo();
-
- for (AllowedAuthMethod method : authMethods)
- {
- switch (method)
- {
- case ANONYMOUS:
- if (!authInfo.isAuthenticated())
- {
- return true;
- }
- break;
- case SIMPLE:
- if (authInfo.hasAuthenticationType(AuthenticationType.SIMPLE))
- {
- return true;
- }
- break;
- case SASL:
- if (authInfo.hasAuthenticationType(AuthenticationType.SASL))
- {
- return true;
- }
- break;
- }
- }
-
- return false;
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- public boolean willMatchAfterBind(ClientConnection connection,
- DN bindDN, AuthenticationType authType, boolean isSecure)
- {
- for (AllowedAuthMethod method : authMethods)
- {
- switch (method)
- {
- case ANONYMOUS:
- if (bindDN.toString().length() == 0)
- {
- return true;
- }
- break;
- case SIMPLE:
- if (authType == AuthenticationType.SIMPLE
- && bindDN.toString().length() > 0)
- {
- return true;
- }
- break;
- case SASL:
- if (authType == AuthenticationType.SASL)
- {
- return true;
- }
- break;
- }
- }
-
- return false;
- }
-}
diff --git a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/NetworkGroup.java b/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/NetworkGroup.java
index 2a8c5e9..82d3097 100644
--- a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/NetworkGroup.java
+++ b/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/NetworkGroup.java
@@ -29,7 +29,6 @@
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.Collection;
-import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
@@ -40,11 +39,7 @@
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.ldap.ResultCode;
import org.opends.server.admin.ClassPropertyDefinition;
-import org.opends.server.admin.server.ConfigurationAddListener;
-import org.opends.server.admin.server.ConfigurationChangeListener;
-import org.opends.server.admin.server.ConfigurationDeleteListener;
import org.opends.server.admin.std.meta.QOSPolicyCfgDefn;
-import org.opends.server.admin.std.server.NetworkGroupCfg;
import org.opends.server.admin.std.server.QOSPolicyCfg;
import org.opends.server.api.ClientConnection;
import org.opends.server.api.QOSPolicy;
@@ -55,7 +50,6 @@
import org.opends.server.core.WorkflowImpl;
import org.opends.server.core.WorkflowTopologyNode;
import org.opends.server.types.AuthenticationType;
-import org.opends.server.types.ConfigChangeResult;
import org.opends.server.types.DN;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.InitializationException;
@@ -78,153 +72,6 @@
*/
public class NetworkGroup
{
- /**
- * Configuration change listener for user network groups.
- */
- private final class ChangeListener implements
- ConfigurationChangeListener<NetworkGroupCfg>
- {
-
- /**
- * {@inheritDoc}
- */
- @Override
- public ConfigChangeResult applyConfigurationChange(
- NetworkGroupCfg configuration)
- {
- ResultCode resultCode = ResultCode.SUCCESS;
- boolean adminActionRequired = false;
- List<LocalizableMessage> messages = new ArrayList<LocalizableMessage>();
-
- // Update the priority.
- setNetworkGroupPriority(configuration.getPriority());
-
- try
- {
- criteria = decodeConnectionCriteriaConfiguration(configuration);
- }
- catch (ConfigException e)
- {
- resultCode = DirectoryServer.getServerErrorResultCode();
- messages.add(e.getMessageObject());
- }
-
- // Update the configuration.
- NetworkGroup.this.configuration = configuration;
-
- return new ConfigChangeResult(resultCode, adminActionRequired, messages);
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- @Override
- public boolean isConfigurationChangeAcceptable(
- NetworkGroupCfg configuration, List<LocalizableMessage> unacceptableReasons)
- {
- return isConfigurationAcceptable(configuration,
- unacceptableReasons);
- }
-
- }
-
- /**
- * Configuration change listener for user network group QOS policies.
- */
- private final class QOSPolicyListener implements
- ConfigurationAddListener<QOSPolicyCfg>,
- ConfigurationDeleteListener<QOSPolicyCfg>
- {
-
- /**
- * {@inheritDoc}
- */
- @Override
- public ConfigChangeResult applyConfigurationAdd(
- QOSPolicyCfg configuration)
- {
- ResultCode resultCode = ResultCode.SUCCESS;
- boolean adminActionRequired = false;
- List<LocalizableMessage> messages = new ArrayList<LocalizableMessage>();
-
- try
- {
- createNetworkGroupQOSPolicy(configuration);
- }
- catch (ConfigException e)
- {
- messages.add(e.getMessageObject());
- resultCode = DirectoryServer.getServerErrorResultCode();
- }
- catch (InitializationException e)
- {
- messages.add(e.getMessageObject());
- resultCode = DirectoryServer.getServerErrorResultCode();
- }
-
- return new ConfigChangeResult(resultCode, adminActionRequired,
- messages);
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- @Override
- public ConfigChangeResult applyConfigurationDelete(
- QOSPolicyCfg configuration)
- {
- QOSPolicy policy = policies.remove(configuration.dn());
-
- if (policy != null)
- {
- if (requestFilteringPolicy == policy)
- {
- requestFilteringPolicy = null;
- }
- else if (resourceLimitsPolicy == policy)
- {
- resourceLimitsPolicy = null;
- }
-
- policy.finalizeQOSPolicy();
- }
-
- return new ConfigChangeResult(ResultCode.SUCCESS, false);
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- @Override
- public boolean isConfigurationAddAcceptable(
- QOSPolicyCfg configuration, List<LocalizableMessage> unacceptableReasons)
- {
- return isNetworkGroupQOSPolicyConfigurationAcceptable(
- configuration, unacceptableReasons);
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- @Override
- public boolean isConfigurationDeleteAcceptable(
- QOSPolicyCfg configuration, List<LocalizableMessage> unacceptableReasons)
- {
- // Always ok.
- return true;
- }
-
- }
-
-
// The admin network group has no criterion, no policy,
// and gives access to all the workflows.
@@ -398,264 +245,6 @@
return registeredNetworkGroups.get(networkGroupID);
}
-
-
- /**
- * Initializes this network group as a user network group using the
- * provided configuration. The network group will monitor the
- * configuration and update its configuration when necessary.
- *
- * @param configuration
- * The network group configuration.
- * @return The new user network group.
- * @throws ConfigException
- * If an unrecoverable problem arises during initialization
- * of the user network group as a result of the server
- * configuration.
- * @throws InitializationException
- * If a problem occurs during initialization of the user
- * network group that is not related to the server
- * configuration.
- */
- static NetworkGroup createUserNetworkGroup(
- NetworkGroupCfg configuration) throws InitializationException,
- ConfigException
- {
- NetworkGroup networkGroup = new NetworkGroup(configuration);
-
- try
- {
- // Set the priority.
- networkGroup.priority = configuration.getPriority();
-
- // Initialize the network group criteria.
- networkGroup.criteria =
- decodeConnectionCriteriaConfiguration(configuration);
-
- // Initialize the network group policies.
- for (String policyName : configuration
- .listNetworkGroupQOSPolicies())
- {
- QOSPolicyCfg policyConfiguration =
- configuration.getNetworkGroupQOSPolicy(policyName);
- networkGroup.createNetworkGroupQOSPolicy(policyConfiguration);
- }
-
- // Register the root DSE workflow with the network group.
- WorkflowImpl rootDSEworkflow =
- (WorkflowImpl) WorkflowImpl.getWorkflow("__root.dse__#");
- networkGroup.registerWorkflow(rootDSEworkflow);
-
- // TODO JNR remove CoreMessages.INFO_ERR_WORKFLOW_DOES_NOT_EXIST
-
- // Register all configuration change listeners.
- configuration.addChangeListener(networkGroup.changeListener);
- configuration
- .addNetworkGroupQOSPolicyAddListener(networkGroup.policyListener);
- configuration
- .addNetworkGroupQOSPolicyDeleteListener(networkGroup.policyListener);
-
- // Register the network group with the server.
- networkGroup.register();
- }
- catch (DirectoryException e)
- {
- networkGroup.finalizeNetworkGroup();
- throw new InitializationException(e.getMessageObject());
- }
- catch (InitializationException e)
- {
- networkGroup.finalizeNetworkGroup();
- throw e;
- }
- catch (ConfigException e)
- {
- networkGroup.finalizeNetworkGroup();
- throw e;
- }
-
- return networkGroup;
- }
-
-
-
- /**
- * Indicates whether the provided network group configuration is
- * acceptable.
- *
- * @param configuration
- * The network group configuration.
- * @param unacceptableReasons
- * A list that can be used to hold messages about why the
- * provided configuration is not acceptable.
- * @return Returns <code>true</code> if the provided network group
- * configuration is acceptable, or <code>false</code> if it is
- * not.
- */
- static boolean isConfigurationAcceptable(
- NetworkGroupCfg configuration, List<LocalizableMessage> unacceptableReasons)
- {
- // The configuration is always acceptable if disabled.
- if (!configuration.isEnabled())
- {
- return true;
- }
-
- // Check that all the workflows in the network group have a
- // different base DN.
- boolean isAcceptable = true;
-
- // Validate any policy configurations.
- for (String policyName : configuration
- .listNetworkGroupQOSPolicies())
- {
- try
- {
- QOSPolicyCfg policyCfg =
- configuration.getNetworkGroupQOSPolicy(policyName);
- if (!isNetworkGroupQOSPolicyConfigurationAcceptable(policyCfg,
- unacceptableReasons))
- {
- isAcceptable = false;
- }
- }
- catch (ConfigException e)
- {
- // This is bad - give up immediately.
- unacceptableReasons.add(e.getMessageObject());
- return false;
- }
- }
-
- // The bind DN patterns may be malformed.
- if (!configuration.getAllowedBindDN().isEmpty())
- {
- try
- {
- BindDNConnectionCriteria.decode(configuration
- .getAllowedBindDN());
- }
- catch (DirectoryException e)
- {
- unacceptableReasons.add(e.getMessageObject());
- isAcceptable = false;
- }
- }
-
- return isAcceptable;
- }
-
-
-
- // Decodes connection criteria configuration.
- private static ConnectionCriteria decodeConnectionCriteriaConfiguration(
- NetworkGroupCfg configuration) throws ConfigException
- {
- List<ConnectionCriteria> filters =
- new LinkedList<ConnectionCriteria>();
-
- if (!configuration.getAllowedAuthMethod().isEmpty())
- {
- filters.add(new AuthMethodConnectionCriteria(configuration
- .getAllowedAuthMethod()));
- }
-
- if (!configuration.getAllowedBindDN().isEmpty())
- {
- try
- {
- filters.add(BindDNConnectionCriteria.decode(configuration
- .getAllowedBindDN()));
- }
- catch (DirectoryException e)
- {
- throw new ConfigException(e.getMessageObject());
- }
- }
-
- if (!configuration.getAllowedClient().isEmpty()
- || !configuration.getDeniedClient().isEmpty())
- {
- filters.add(new IPConnectionCriteria(configuration
- .getAllowedClient(), configuration.getDeniedClient()));
- }
-
- if (!configuration.getAllowedProtocol().isEmpty())
- {
- filters.add(new ProtocolConnectionCriteria(configuration
- .getAllowedProtocol()));
- }
-
- if (configuration.isIsSecurityMandatory())
- {
- filters.add(SecurityConnectionCriteria.SECURITY_REQUIRED);
- }
-
- if (filters.isEmpty())
- {
- return ConnectionCriteria.TRUE;
- }
- else
- {
- return new ANDConnectionCriteria(filters);
- }
- }
-
-
-
- /**
- * Gets the name of the network group configuration.
- *
- * @param configuration
- * The configuration.
- * @return The network group name.
- */
- private static String getNameFromConfiguration(NetworkGroupCfg configuration)
- {
- DN dn = configuration.dn();
- return dn.rdn().getAttributeValue(0).toString();
- }
-
-
-
- // Determines whether or not the new network group configuration's
- // implementation class is acceptable.
- private static boolean isNetworkGroupQOSPolicyConfigurationAcceptable(
- QOSPolicyCfg policyConfiguration,
- List<LocalizableMessage> unacceptableReasons)
- {
- String className = policyConfiguration.getJavaClass();
- QOSPolicyCfgDefn d = QOSPolicyCfgDefn.getInstance();
- ClassPropertyDefinition pd = d.getJavaClassPropertyDefinition();
-
- // Validate the configuration.
- try
- {
- Class<? extends QOSPolicyFactory> theClass =
- pd.loadClass(className, QOSPolicyFactory.class);
- QOSPolicyFactory factory = theClass.newInstance();
-
- return factory.isConfigurationAcceptable(policyConfiguration, unacceptableReasons);
- }
- catch (Exception e)
- {
- logger.traceException(e);
-
- unacceptableReasons
- .add(ERR_CONFIG_NETWORK_GROUP_POLICY_CANNOT_INITIALIZE.get(
- className, policyConfiguration.dn(), stackTraceToSingleLineString(e)));
- return false;
- }
- }
-
-
-
- // Change listener (active for user network groups).
- private final ChangeListener changeListener;
-
- // Current configuration (active for user network groups).
- private NetworkGroupCfg configuration = null;
-
// The network group connection criteria.
private ConnectionCriteria criteria = ConnectionCriteria.TRUE;
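Review bot: After this hunk nothing visible in the diff assigns `criteria` any more, so the field kept on its last line stays at `ConnectionCriteria.TRUE` and every connection matches; `createUserNetworkGroup` and `decodeConnectionCriteriaConfiguration` are removed here, and the `ChangeListener` removed in the previous hunk was the other visible writer. The same applies to the `policies` map kept in the next hunk (`@@ -674,9 +263,6 @@`), since both visible callers of `createNetworkGroupQOSPolicy` are deleted. If no code outside these hunks still sets them, I would state that in the source with a comment above the field such as `// Always TRUE since OPENDJ-1545: connection criteria are no longer configurable.`, and remove or finalise the leftover state in a follow-up. Restrictions that were built from `getDeniedClient()`, `getAllowedBindDN()` and `isIsSecurityMandatory()` stop being applied once this lands, so the upgrade notes should say so explicitly; whether they do is not visible from this diff.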
@@ -674,9 +263,6 @@
private final Map<DN, QOSPolicy> policies =
new ConcurrentHashMap<DN, QOSPolicy>();
- // Add/delete policy listener (active for user network groups).
- private final QOSPolicyListener policyListener;
-
// The network group priority.
private int priority = 100;
@@ -714,29 +300,8 @@
ADMIN_NETWORK_GROUP_NAME.equals(networkGroupID);
this.isDefaultNetworkGroup =
DEFAULT_NETWORK_GROUP_NAME.equals(networkGroupID);
- this.configuration = null;
- this.changeListener = null;
- this.policyListener = null;
}
-
-
- /**
- * Creates a new user network group using the provided configuration.
- */
- private NetworkGroup(NetworkGroupCfg configuration)
- {
- this.networkGroupID = getNameFromConfiguration(configuration);
- this.isInternalNetworkGroup = false;
- this.isAdminNetworkGroup = false;
- this.isDefaultNetworkGroup = false;
- this.configuration = configuration;
- this.changeListener = new ChangeListener();
- this.policyListener = new QOSPolicyListener();
- }
-
-
-
/**
* Adds a connection to the group.
*
@@ -938,21 +503,6 @@
*/
void finalizeNetworkGroup()
{
- if (configuration != null)
- {
- // Finalization specific to user network groups.
- deregister();
-
- // Remove all change listeners.
- configuration.removeChangeListener(changeListener);
- configuration
- .removeNetworkGroupQOSPolicyAddListener(policyListener);
- configuration
- .removeNetworkGroupQOSPolicyDeleteListener(policyListener);
-
- configuration = null;
- }
-
// Clean up policies.
for (QOSPolicy policy : policies.values())
{
diff --git a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/NetworkGroupPlugin.java b/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/NetworkGroupPlugin.java
deleted file mode 100644
index 2bcc732..0000000
--- a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/NetworkGroupPlugin.java
+++ /dev/null
@@ -1,441 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
- * or http://forgerock.org/license/CDDLv1.0.html.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at legal-notices/CDDLv1_0.txt.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information:
- * Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- *
- *
- * Copyright 2006-2009 Sun Microsystems, Inc.
- * Portions Copyright 2014 ForgeRock AS
- */
-package org.opends.server.core.networkgroups;
-
-
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
-
-import org.forgerock.i18n.LocalizableMessage;
-import org.opends.server.admin.server.ConfigurationChangeListener;
-import org.opends.server.admin.std.meta.PluginCfgDefn;
-import org.opends.server.admin.std.server.NetworkGroupPluginCfg;
-import org.opends.server.admin.std.server.PluginCfg;
-import org.opends.server.api.ClientConnection;
-import org.opends.server.api.plugin.*;
-import org.forgerock.opendj.config.server.ConfigException;
-import org.opends.server.types.AuthenticationType;
-import org.opends.server.types.ConfigChangeResult;
-import org.opends.server.types.DirectoryException;
-import org.opends.server.types.DisconnectReason;
-import org.opends.server.types.DN;
-import org.forgerock.opendj.ldap.ResultCode;
-
-import org.opends.server.types.operation.PreParseAddOperation;
-import org.opends.server.types.operation.PreParseBindOperation;
-import org.opends.server.types.operation.PreParseCompareOperation;
-import org.opends.server.types.operation.PreParseDeleteOperation;
-import org.opends.server.types.operation.PreParseExtendedOperation;
-import org.opends.server.types.operation.PreParseModifyOperation;
-import org.opends.server.types.operation.PreParseModifyDNOperation;
-import org.opends.server.types.operation.PreParseSearchOperation;
-import org.opends.server.types.operation.PreParseUnbindOperation;
-import org.opends.server.types.operation.PostResponseBindOperation;
-import org.opends.server.types.operation.PostResponseExtendedOperation;
-import org.opends.server.types.operation.PreParseOperation;
-import static org.opends.messages.PluginMessages.*;
-import static org.opends.server.util.ServerConstants.*;
-
-
-/**
- * This class implements a Directory Server plugin that will evaluate
- * the appropriate network group for each client connection.
- * A network group enforces specific resource limits.
- */
-public final class NetworkGroupPlugin
- extends DirectoryServerPlugin<NetworkGroupPluginCfg>
- implements ConfigurationChangeListener<NetworkGroupPluginCfg>
-{
-
- /**
- * Creates a new instance of this Directory Server plugin. Every plugin must
- * implement a default constructor (it is the only one that will be used to
- * create plugins defined in the configuration), and every plugin constructor
- * must call <CODE>super()</CODE> as its first element.
- */
- public NetworkGroupPlugin()
- {
- super();
- }
-
- /**
- * {@inheritDoc}
- */
- @Override()
- public final void initializePlugin(Set<PluginType> pluginTypes,
- NetworkGroupPluginCfg configuration)
- throws ConfigException
- {
- // Make sure that the plugin has been enabled for the appropriate types.
- for (PluginType t : pluginTypes)
- {
- switch (t)
- {
- case POST_CONNECT:
- case PRE_PARSE_ADD:
- case PRE_PARSE_BIND:
- case PRE_PARSE_COMPARE:
- case PRE_PARSE_DELETE:
- case PRE_PARSE_EXTENDED:
- case PRE_PARSE_MODIFY:
- case PRE_PARSE_MODIFY_DN:
- case PRE_PARSE_SEARCH:
- case PRE_PARSE_UNBIND:
- case POST_RESPONSE_BIND:
- case POST_RESPONSE_EXTENDED:
- // These are acceptable
- break;
- default:
- throw new ConfigException(ERR_PLUGIN_NETWORKGROUP_INVALID_PLUGIN_TYPE.get(t));
- }
- }
- }
-
- /**
- * {@inheritDoc}
- */
- @Override()
- public final void finalizePlugin()
- {
- }
-
- /**
- * Performs resource limits checks and request filtering policy checks.
- *
- * @param connection The client connection on which the operation is done
- * @param operation The operation to be performed
- * @param fullCheck boolean indicating whether all the resource limit checks
- * must be performed or only a limited set
- * @param messages The list of error messages returned during the checking
- */
- private boolean checkNetworkGroup(
- ClientConnection connection,
- PreParseOperation operation,
- boolean fullCheck,
- ArrayList<LocalizableMessage> messages)
- {
- if (!connection.getNetworkGroup().checkResourceLimitsPolicy(
- connection, operation, fullCheck, messages)) {
- return false;
- }
- if (operation != null) {
- if (!connection.getNetworkGroup().checkRequestFilteringPolicy(
- operation, messages)) {
- return false;
- }
- }
- return true;
- }
-
- /**
- * Sets the network group and checks resource limits + request
- * filtering policy.
- *
- * @param connection The client connection on which the operation is
- * executed
- */
- private boolean setAndCheckNetworkGroup(
- ClientConnection connection,
- PreParseOperation operation,
- ArrayList<LocalizableMessage> messages)
- {
- boolean fullCheck = false;
- if (connection.mustEvaluateNetworkGroup(operation)) {
- NetworkGroup ng = NetworkGroup.findMatchingNetworkGroup(connection);
- if (ng != connection.getNetworkGroup()) {
- connection.setNetworkGroup(ng);
- fullCheck = true;
- }
- connection.mustEvaluateNetworkGroup(false);
- }
-
- return (checkNetworkGroup(connection, operation, fullCheck, messages));
- }
-
- /**
- * {@inheritDoc}
- */
- @Override()
- public final PluginResult.PostConnect
- doPostConnect(ClientConnection clientConnection)
- {
- ArrayList<LocalizableMessage> messages = new ArrayList<LocalizableMessage>();
- if (setAndCheckNetworkGroup(clientConnection, null, messages)) {
- return PluginResult.PostConnect.continueConnectProcessing();
- } else {
- return PluginResult.PostConnect.disconnectClient(
- DisconnectReason.ADMIN_LIMIT_EXCEEDED, true, messages.get(0));
- }
- }
-
- /**
- * {@inheritDoc}
- */
- @Override
- public PluginResult.PreParse
- doPreParse(PreParseAddOperation addOperation) {
- ArrayList<LocalizableMessage> messages = new ArrayList<LocalizableMessage>();
- ClientConnection connection = addOperation.getClientConnection();
- if (setAndCheckNetworkGroup(connection, addOperation, messages)) {
- return PluginResult.PreParse.continueOperationProcessing();
- } else {
- return PluginResult.PreParse.stopProcessing(
- ResultCode.ADMIN_LIMIT_EXCEEDED, messages.get(0));
- }
- }
-
- /**
- * {@inheritDoc}
- */
- @Override
- public PluginResult.PreParse
- doPreParse(PreParseBindOperation bindOperation) {
- ArrayList<LocalizableMessage> messages = new ArrayList<LocalizableMessage>();
- ClientConnection connection = bindOperation.getClientConnection();
- boolean fullCheck = false;
-
- if (connection.mustEvaluateNetworkGroup(bindOperation)) {
- DN dn;
- try {
- dn = DN.decode(bindOperation.getRawBindDN());
- } catch (DirectoryException ex) {
- return PluginResult.PreParse.stopProcessing(ResultCode.OPERATIONS_ERROR,
- ex.getMessageObject());
- }
- AuthenticationType authType = bindOperation.getAuthenticationType();
-
- NetworkGroup ng = NetworkGroup.findBindMatchingNetworkGroup(connection,
- dn, authType, connection.isSecure());
-
- if (ng != connection.getNetworkGroup()) {
- connection.setNetworkGroup(ng);
- fullCheck = true;
- }
- connection.mustEvaluateNetworkGroup(false);
- }
- if (!checkNetworkGroup(connection, bindOperation, fullCheck, messages)) {
- return PluginResult.PreParse.stopProcessing(
- ResultCode.ADMIN_LIMIT_EXCEEDED, messages.get(0));
- }
- return PluginResult.PreParse.continueOperationProcessing();
- }
-
-
- /**
- * {@inheritDoc}
- */
- @Override
- public PluginResult.PreParse
- doPreParse(PreParseCompareOperation compareOperation) {
- ArrayList<LocalizableMessage> messages = new ArrayList<LocalizableMessage>();
- ClientConnection connection = compareOperation.getClientConnection();
- if (setAndCheckNetworkGroup(connection, compareOperation, messages)) {
- return PluginResult.PreParse.continueOperationProcessing();
- } else {
- return PluginResult.PreParse.stopProcessing(
- ResultCode.ADMIN_LIMIT_EXCEEDED, messages.get(0));
- }
- }
-
- /**
- * {@inheritDoc}
- */
- @Override
- public PluginResult.PreParse
- doPreParse(PreParseDeleteOperation deleteOperation) {
- ArrayList<LocalizableMessage> messages = new ArrayList<LocalizableMessage>();
- ClientConnection connection = deleteOperation.getClientConnection();
- if (setAndCheckNetworkGroup(connection, deleteOperation, messages)) {
- return PluginResult.PreParse.continueOperationProcessing();
- } else {
- return PluginResult.PreParse.stopProcessing(
- ResultCode.ADMIN_LIMIT_EXCEEDED, messages.get(0));
- }
- }
-
- /**
- * {@inheritDoc}
- */
- @Override
- public PluginResult.PreParse
- doPreParse(PreParseExtendedOperation extendedOperation) {
- ArrayList<LocalizableMessage> messages = new ArrayList<LocalizableMessage>();
- ClientConnection connection = extendedOperation.getClientConnection();
- if (setAndCheckNetworkGroup(connection, extendedOperation, messages)) {
- return PluginResult.PreParse.continueOperationProcessing();
- } else {
- return PluginResult.PreParse.stopProcessing(
- ResultCode.ADMIN_LIMIT_EXCEEDED, messages.get(0));
- }
- }
-
- /**
- * {@inheritDoc}
- */
- @Override
- public PluginResult.PreParse
- doPreParse(PreParseModifyOperation modifyOperation) {
- ArrayList<LocalizableMessage> messages = new ArrayList<LocalizableMessage>();
- ClientConnection connection = modifyOperation.getClientConnection();
- if (setAndCheckNetworkGroup(connection, modifyOperation, messages)) {
- return PluginResult.PreParse.continueOperationProcessing();
- } else {
- return PluginResult.PreParse.stopProcessing(
- ResultCode.ADMIN_LIMIT_EXCEEDED, messages.get(0));
- }
- }
-
- /**
- * {@inheritDoc}
- */
- @Override
- public PluginResult.PreParse
- doPreParse(PreParseModifyDNOperation modifyDNOperation) {
- ArrayList<LocalizableMessage> messages = new ArrayList<LocalizableMessage>();
- ClientConnection connection = modifyDNOperation.getClientConnection();
- if (setAndCheckNetworkGroup(connection, modifyDNOperation, messages)) {
- return PluginResult.PreParse.continueOperationProcessing();
- } else {
- return PluginResult.PreParse.stopProcessing(
- ResultCode.ADMIN_LIMIT_EXCEEDED, messages.get(0));
- }
- }
-
- /**
- * {@inheritDoc}
- */
- @Override
- public PluginResult.PreParse
- doPreParse(PreParseSearchOperation searchOperation) {
- ArrayList<LocalizableMessage> messages = new ArrayList<LocalizableMessage>();
- ClientConnection connection = searchOperation.getClientConnection();
- if (setAndCheckNetworkGroup(connection, searchOperation, messages)) {
- return PluginResult.PreParse.continueOperationProcessing();
- } else {
- return PluginResult.PreParse.stopProcessing(
- ResultCode.ADMIN_LIMIT_EXCEEDED, messages.get(0));
- }
- }
-
- /**
- * {@inheritDoc}
- */
- @Override
- public PluginResult.PreParse
- doPreParse(PreParseUnbindOperation unbindOperation) {
- ClientConnection connection = unbindOperation.getClientConnection();
- connection.mustEvaluateNetworkGroup(true);
- return PluginResult.PreParse.continueOperationProcessing();
- }
-
- /**
- * {@inheritDoc}
- */
- @Override
- public PluginResult.PostResponse
- doPostResponse(PostResponseBindOperation bindOperation) {
- if (bindOperation.getResultCode() != ResultCode.SUCCESS) {
- bindOperation.getClientConnection().mustEvaluateNetworkGroup(true);
- }
- return PluginResult.PostResponse.continueOperationProcessing();
- }
-
- /**
- * {@inheritDoc}
- */
- @Override
- public PluginResult.PostResponse
- doPostResponse(PostResponseExtendedOperation extendedOperation) {
- if ((extendedOperation.getRequestOID().equals(OID_START_TLS_REQUEST))
- && (extendedOperation.getResultCode() == ResultCode.SUCCESS)) {
- extendedOperation.getClientConnection().mustEvaluateNetworkGroup(true);
- }
- return PluginResult.PostResponse.continueOperationProcessing();
- }
-
- /**
- * {@inheritDoc}
- */
- @Override()
- public boolean isConfigurationAcceptable(PluginCfg configuration,
- List<LocalizableMessage> unacceptableReasons)
- {
- NetworkGroupPluginCfg cfg = (NetworkGroupPluginCfg) configuration;
- return isConfigurationChangeAcceptable(cfg, unacceptableReasons);
- }
-
- /**
- * {@inheritDoc}
- */
- public boolean isConfigurationChangeAcceptable(
- NetworkGroupPluginCfg configuration,
- List<LocalizableMessage> unacceptableReasons)
- {
- boolean configAcceptable = true;
-
- // Ensure that the set of plugin types contains only LDIF import and
- // pre-operation add.
- for (PluginCfgDefn.PluginType pluginType : configuration.getPluginType())
- {
- switch (pluginType)
- {
- case POSTCONNECT:
- case PREPARSEADD:
- case PREPARSEBIND:
- case PREPARSECOMPARE:
- case PREPARSEDELETE:
- case PREPARSEEXTENDED:
- case PREPARSEMODIFY:
- case PREPARSEMODIFYDN:
- case PREPARSESEARCH:
- case PREPARSEUNBIND:
- case POSTRESPONSEBIND:
- case POSTRESPONSEEXTENDED:
- // These are acceptable.
- break;
-
-
- default:
- unacceptableReasons.add(ERR_PLUGIN_NETWORKGROUP_INVALID_PLUGIN_TYPE.get(pluginType));
- configAcceptable = false;
- }
- }
-
- return configAcceptable;
- }
-
- /**
- * {@inheritDoc}
- */
- public ConfigChangeResult applyConfigurationChange(
- NetworkGroupPluginCfg configuration)
- {
- return new ConfigChangeResult(ResultCode.SUCCESS, false);
- }
-}
diff --git a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/ProtocolConnectionCriteria.java b/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/ProtocolConnectionCriteria.java
deleted file mode 100644
index 3eb9476..0000000
--- a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/ProtocolConnectionCriteria.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
- * or http://forgerock.org/license/CDDLv1.0.html.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at legal-notices/CDDLv1_0.txt.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information:
- * Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- *
- *
- * Copyright 2009 Sun Microsystems, Inc.
- */
-package org.opends.server.core.networkgroups;
-
-
-
-import java.util.Collection;
-import java.util.EnumSet;
-import java.util.Set;
-
-import org.opends.server.admin.std.meta.NetworkGroupCfgDefn.AllowedProtocol;
-import org.opends.server.api.ClientConnection;
-import org.opends.server.types.AuthenticationType;
-import org.opends.server.types.DN;
-
-
-
-/**
- * A connection criteria which matches connections which use a permitted
- * protocol.
- */
-final class ProtocolConnectionCriteria implements ConnectionCriteria
-{
-
- // The set of allowed protocols.
- private final Set<AllowedProtocol> protocols;
-
-
-
- /**
- * Creates a new protocol connection criteria using the provided
- * allowed protocols.
- *
- * @param protocols
- * The allowed protocols.
- */
- public ProtocolConnectionCriteria(
- Collection<AllowedProtocol> protocols)
- {
- this.protocols = EnumSet.copyOf(protocols);
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- public boolean matches(ClientConnection connection)
- {
- String protocolName =
- connection.getConnectionHandler().getProtocol();
-
- for (AllowedProtocol protocol : protocols)
- {
- switch (protocol)
- {
- case LDAP:
- if (protocolName.equals("LDAP"))
- {
- return true;
- }
- break;
- case LDAPS:
- if (protocolName.equals("LDAP+SSL"))
- {
- return true;
- }
- break;
- }
- }
-
- return false;
- }
-
-
-
- /**
- * {@inheritDoc}
- */
- public boolean willMatchAfterBind(ClientConnection connection,
- DN bindDN, AuthenticationType authType, boolean isSecure)
- {
- return matches(connection);
- }
-}
diff --git a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/AuthMethodConnectionCriteriaTest.java b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/AuthMethodConnectionCriteriaTest.java
deleted file mode 100644
index bf12e06..0000000
--- a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/AuthMethodConnectionCriteriaTest.java
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
- * or http://forgerock.org/license/CDDLv1.0.html.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at legal-notices/CDDLv1_0.txt.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information:
- * Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- *
- *
- * Copyright 2009 Sun Microsystems, Inc.
- * Portions Copyright 2014 ForgeRock AS
- */
-package org.opends.server.core.networkgroups;
-
-
-
-import java.util.Collection;
-import java.util.Collections;
-import java.util.EnumSet;
-
-import org.opends.server.DirectoryServerTestCase;
-import org.opends.server.TestCaseUtils;
-import org.opends.server.admin.std.meta.NetworkGroupCfgDefn.AllowedAuthMethod;
-import org.opends.server.api.ClientConnection;
-import org.opends.server.types.AuthenticationType;
-import org.opends.server.types.DN;
-import org.testng.Assert;
-import org.testng.annotations.BeforeClass;
-import org.testng.annotations.DataProvider;
-import org.testng.annotations.Test;
-
-
-
-/**
- * Unit tests for AuthMethodConnectionCriteria.
- */
-public class AuthMethodConnectionCriteriaTest extends
- DirectoryServerTestCase
-{
-
- /**
- * Sets up the environment for performing the tests in this suite.
- *
- * @throws Exception
- * if the environment could not be set up.
- */
- @BeforeClass
- public void setUp() throws Exception
- {
- TestCaseUtils.startServer();
- }
-
-
-
- /**
- * Returns test data for the following test cases.
- *
- * @return The test data for the following test cases.
- * @throws Exception
- * If an unexpected exception occurred.
- */
- @DataProvider(name = "testData")
- public Object[][] createTestData() throws Exception
- {
- return new Object[][] {
- { AllowedAuthMethod.ANONYMOUS,
- Collections.singleton(AllowedAuthMethod.ANONYMOUS), true },
- { AllowedAuthMethod.ANONYMOUS,
- Collections.singleton(AllowedAuthMethod.SIMPLE), false },
- { AllowedAuthMethod.ANONYMOUS,
- Collections.singleton(AllowedAuthMethod.SASL), false },
- { AllowedAuthMethod.SIMPLE,
- Collections.singleton(AllowedAuthMethod.ANONYMOUS), false },
- { AllowedAuthMethod.SIMPLE,
- Collections.singleton(AllowedAuthMethod.SIMPLE), true },
- { AllowedAuthMethod.SIMPLE,
- Collections.singleton(AllowedAuthMethod.SASL), false },
- { AllowedAuthMethod.SASL,
- Collections.singleton(AllowedAuthMethod.ANONYMOUS), false },
- { AllowedAuthMethod.SASL,
- Collections.singleton(AllowedAuthMethod.SIMPLE), false },
- { AllowedAuthMethod.SASL,
- Collections.singleton(AllowedAuthMethod.SASL), true },
- { AllowedAuthMethod.ANONYMOUS,
- EnumSet.noneOf(AllowedAuthMethod.class), false },
- { AllowedAuthMethod.SIMPLE,
- EnumSet.noneOf(AllowedAuthMethod.class), false },
- { AllowedAuthMethod.SASL,
- EnumSet.noneOf(AllowedAuthMethod.class), false },
- { AllowedAuthMethod.ANONYMOUS,
- EnumSet.allOf(AllowedAuthMethod.class), true },
- { AllowedAuthMethod.SIMPLE,
- EnumSet.allOf(AllowedAuthMethod.class), true },
- { AllowedAuthMethod.SASL,
- EnumSet.allOf(AllowedAuthMethod.class), true }, };
- }
-
-
-
- /**
- * Tests the matches method.
- *
- * @param clientAuthMethod
- * The client authentication method.
- * @param allowedAuthMethods
- * The set of allowed authentication methods.
- * @param expectedResult
- * The expected result.
- * @throws Exception
- * If an unexpected exception occurred.
- */
- @Test(dataProvider = "testData")
- public void testMatches(AllowedAuthMethod clientAuthMethod,
- Collection<AllowedAuthMethod> allowedAuthMethods,
- boolean expectedResult) throws Exception
- {
- DN bindDN;
-
- if (clientAuthMethod == AllowedAuthMethod.ANONYMOUS)
- {
- bindDN = DN.rootDN();
- }
- else
- {
- bindDN =
- DN.valueOf("cn=Directory Manager, cn=Root DNs, cn=config");
- }
-
- ClientConnection client =
- new MockClientConnection(12345, false, bindDN, clientAuthMethod);
-
- AuthMethodConnectionCriteria criteria =
- new AuthMethodConnectionCriteria(allowedAuthMethods);
- Assert.assertEquals(criteria.matches(client), expectedResult);
- }
-
-
-
- /**
- * Tests the willMatchAfterBind method.
- *
- * @param clientAuthMethod
- * The client authentication method.
- * @param allowedAuthMethods
- * The set of allowed authentication methods.
- * @param expectedResult
- * The expected result.
- * @throws Exception
- * If an unexpected exception occurred.
- */
- @Test(dataProvider = "testData")
- public void testWillMatchAfterBind(
- AllowedAuthMethod clientAuthMethod,
- Collection<AllowedAuthMethod> allowedAuthMethods,
- boolean expectedResult) throws Exception
- {
- ClientConnection client =
- new MockClientConnection(12345, false, DN.rootDN(),
- AllowedAuthMethod.ANONYMOUS);
-
- AuthenticationType authType;
- DN bindDN;
-
- switch (clientAuthMethod)
- {
- case ANONYMOUS:
- authType = null;
- bindDN = DN.rootDN();
- break;
- case SIMPLE:
- authType = AuthenticationType.SIMPLE;
- bindDN =
- DN.valueOf("cn=Directory Manager, cn=Root DNs, cn=config");
- break;
- default: // SASL
- authType = AuthenticationType.SASL;
- bindDN =
- DN.valueOf("cn=Directory Manager, cn=Root DNs, cn=config");
- break;
- }
-
- AuthMethodConnectionCriteria criteria =
- new AuthMethodConnectionCriteria(allowedAuthMethods);
- Assert.assertEquals(criteria.willMatchAfterBind(client, bindDN,
- authType, false), expectedResult);
- }
-
-}
diff --git a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/BindDNConnectionCriteriaTest.java b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/BindDNConnectionCriteriaTest.java
index a617560..fe56990 100644
--- a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/BindDNConnectionCriteriaTest.java
+++ b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/BindDNConnectionCriteriaTest.java
@@ -33,7 +33,6 @@
import org.opends.server.DirectoryServerTestCase;
import org.opends.server.TestCaseUtils;
-import org.opends.server.admin.std.meta.NetworkGroupCfgDefn.AllowedAuthMethod;
import org.opends.server.api.ClientConnection;
import org.opends.server.authorization.dseecompat.PatternDN;
import org.opends.server.types.AuthenticationType;
@@ -112,9 +111,7 @@
Collection<PatternDN> allowedDNPatterns, boolean expectedResult)
throws Exception
{
- ClientConnection client =
- new MockClientConnection(12345, false, clientBindDN,
- AllowedAuthMethod.SIMPLE);
+ ClientConnection client = new MockClientConnection(12345, false, clientBindDN);
BindDNConnectionCriteria criteria = new BindDNConnectionCriteria(new ArrayList<PatternDN>(allowedDNPatterns));
assertEquals(criteria.matches(client), expectedResult);
@@ -139,9 +136,7 @@
Collection<PatternDN> allowedDNPatterns, boolean expectedResult)
throws Exception
{
- ClientConnection client =
- new MockClientConnection(12345, false, DN.rootDN(),
- AllowedAuthMethod.ANONYMOUS);
+ ClientConnection client = new MockClientConnection(12345, false, null);
BindDNConnectionCriteria criteria = new BindDNConnectionCriteria(new ArrayList<PatternDN>(allowedDNPatterns));
assertEquals(criteria.willMatchAfterBind(client, clientBindDN,
diff --git a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/IPConnectionCriteriaTest.java b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/IPConnectionCriteriaTest.java
index b23c834..8940c8c 100644
--- a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/IPConnectionCriteriaTest.java
+++ b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/IPConnectionCriteriaTest.java
@@ -34,7 +34,6 @@
import org.forgerock.opendj.ldap.AddressMask;
import org.opends.server.DirectoryServerTestCase;
import org.opends.server.TestCaseUtils;
-import org.opends.server.admin.std.meta.NetworkGroupCfgDefn.AllowedAuthMethod;
import org.opends.server.api.ClientConnection;
import org.opends.server.types.AuthenticationType;
import org.opends.server.types.DN;
@@ -77,9 +76,7 @@
{
AddressMask matchAnything = AddressMask.valueOf("*.*.*.*");
AddressMask matchNothing = AddressMask.valueOf("0.0.0.0");
- ClientConnection client =
- new MockClientConnection(12345, false, DN.rootDN(),
- AllowedAuthMethod.ANONYMOUS);
+ ClientConnection client = new MockClientConnection(12345, false, null);
Collection<AddressMask> emptyMasks = Collections.emptySet();
diff --git a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/MockClientConnection.java b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/MockClientConnection.java
index 844982e..e2768f7 100644
--- a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/MockClientConnection.java
+++ b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/MockClientConnection.java
@@ -31,7 +31,6 @@
import java.util.Collection;
import org.forgerock.i18n.LocalizableMessage;
-import org.opends.server.admin.std.meta.NetworkGroupCfgDefn.AllowedAuthMethod;
import org.opends.server.api.ClientConnection;
import org.opends.server.api.ConnectionHandler;
import org.opends.server.core.DirectoryServer;
@@ -57,30 +56,21 @@
* Is the client using a secure connection.
* @param bindDN
* The client bind DN.
- * @param authMethod
- * The client authentication method.
* @throws Exception
* If an unexpected exception occurred.
*/
- public MockClientConnection(int clientPort, boolean isSecure,
- DN bindDN, AllowedAuthMethod authMethod) throws Exception
+ public MockClientConnection(int clientPort, boolean isSecure, DN bindDN) throws Exception
{
this.clientPort = clientPort;
this.isSecure = isSecure;
-
- switch (authMethod)
+ if (bindDN != null)
{
- case ANONYMOUS:
- this.authInfo = new AuthenticationInfo();
- break;
- case SIMPLE:
Entry simpleUser = DirectoryServer.getEntry(bindDN);
this.authInfo = new AuthenticationInfo(simpleUser, bindDN, true);
- break;
- default: // SASL
- Entry saslUser = DirectoryServer.getEntry(bindDN);
- this.authInfo = new AuthenticationInfo(saslUser, "external", true);
- break;
+ }
+ else
+ {
+ this.authInfo = new AuthenticationInfo();
}
}
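Review bot: The new `if (bindDN != null)` guard in the constructor makes `null` the only way to ask for an unauthenticated mock connection, but the Javadoc kept above it still says only "The client bind DN.", and a non-null empty DN now takes the bound-user branch. Before this change the tests expressed anonymous as `DN.rootDN()` together with `AllowedAuthMethod.ANONYMOUS`. If any data-provider row feeding `BindDNConnectionCriteriaTest.testMatches` (which now passes `clientBindDN` straight through) still uses the root DN for that purpose, it would get an `AuthenticationInfo` built from `DirectoryServer.getEntry(bindDN)` instead of the no-argument one; the provider is not visible here, so this needs checking. I would state the contract as `@param bindDN The client bind DN, or {@code null} for an unauthenticated (anonymous) connection.` and consider handling the root DN the same way as `null` in the guard. The constructor's Javadoc block starts outside this hunk.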
diff --git a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/NetworkGroupTest.java b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/NetworkGroupTest.java
index 0f6c922..9f6b478 100644
--- a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/NetworkGroupTest.java
+++ b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/NetworkGroupTest.java
@@ -27,19 +27,25 @@
package org.opends.server.core.networkgroups;
import java.util.ArrayList;
-import java.util.Collections;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.opends.server.DirectoryServerTestCase;
import org.opends.server.TestCaseUtils;
-import org.opends.server.admin.std.meta.NetworkGroupCfgDefn.AllowedAuthMethod;
import org.opends.server.api.ClientConnection;
-import org.opends.server.core.*;
+import org.opends.server.core.ModifyOperation;
+import org.opends.server.core.SearchOperation;
+import org.opends.server.core.Workflow;
+import org.opends.server.core.WorkflowImpl;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.internal.SearchRequest;
-import org.opends.server.types.*;
+import org.opends.server.types.Attribute;
+import org.opends.server.types.Attributes;
+import org.opends.server.types.DN;
+import org.opends.server.types.DirectoryException;
+import org.opends.server.types.InitializationException;
+import org.opends.server.types.Modification;
import org.opends.server.util.StaticUtils;
import org.opends.server.workflowelement.WorkflowElement;
import org.testng.annotations.BeforeClass;
@@ -273,42 +279,6 @@
};
}
-
- /** Provides the priorities for 3 network groups. */
- @DataProvider (name = "PrioritySet_0")
- public Object[][] initPrioritySet_0()
- {
- return new Object[][] {
- { 1, 2, 3 },
- { 1, 3, 2 },
- { 2, 1, 3 },
- { 2, 3, 1 },
- { 3, 1, 2 },
- { 3, 2, 1 }
- };
- }
-
-
- /**
- * Provides a bind DN filter to build network group criteria
- * and the expected result (true if the connection with
- * cn=Directory Manager, cn =Root DNs, cn=config should match the
- * network group, false if it should go into the default network group).
- */
- @DataProvider (name = "BindFilterSet_0")
- public Object[][] initBindFilterSet_0()
- {
- return new Object[][] {
- { "*, cn=Root DNs, cn=config", true },
- { "cn=Dir*, cn=Root DNs, cn=config", true },
- { "cn=*", false },
- { "uid=*", false },
- { "**, cn=config", true },
- { "*, cn=config", false }
- };
- }
-
-
//===========================================================================
// T E S T C A S E S
//===========================================================================
@@ -797,168 +767,6 @@
networkGroup2.deregister();
}
-
- /**
- * Tests the mechanism to attribute a network group to a client connection,
- * based on the authentication method.
- */
- @Test (dataProvider = "PrioritySet_0", groups = "virtual")
- public void testNetworkGroupAuthenticationMethodCriteria(
- int prio1,
- int prio2,
- int prio3)
- throws Exception
- {
- // Create a AuthMethodCriteria for anonymous connections
- AuthMethodConnectionCriteria authCriteria1 =
- new AuthMethodConnectionCriteria(Collections
- .singleton(AllowedAuthMethod.ANONYMOUS));
-
- // Create a AuthMethodCriteria for simple bind connections
- AuthMethodConnectionCriteria authCriteria2 =
- new AuthMethodConnectionCriteria(Collections
- .singleton(AllowedAuthMethod.SIMPLE));
-
- // Create a AuthMethodCriteria for sasl connections
- AuthMethodConnectionCriteria authCriteria3 =
- new AuthMethodConnectionCriteria(Collections
- .singleton(AllowedAuthMethod.SASL));
-
-
- // Create and register the network group with the server.
- NetworkGroup networkGroup1 = new NetworkGroup("anonymous_group");
- networkGroup1.register();
- networkGroup1.setConnectionCriteria(authCriteria1);
- networkGroup1.setNetworkGroupPriority(prio1);
- NetworkGroup networkGroup2 = new NetworkGroup("simplebind_group");
- networkGroup2.register();
- networkGroup2.setConnectionCriteria(authCriteria2);
- networkGroup2.setNetworkGroupPriority(prio2);
- NetworkGroup networkGroup3 = new NetworkGroup("sasl_group");
- networkGroup3.register();
- networkGroup3.setConnectionCriteria(authCriteria3);
- networkGroup3.setNetworkGroupPriority(prio3);
-
- // Create a new client connection, with anonymous authentication
- ClientConnection connection1 = new InternalClientConnection(DN.NULL_DN);
- NetworkGroup ng = NetworkGroup.findMatchingNetworkGroup(connection1);
- assertEquals(ng, networkGroup1);
-
- // Use simple bind on this connection
- Entry userEntry = DirectoryServer.getEntry(
- DN.valueOf("cn=Directory Manager, cn=Root DNs, cn=config"));
- ClientConnection connection2 = new InternalClientConnection(
- new AuthenticationInfo(userEntry, userEntry.getName(), true));
- ng = NetworkGroup.findMatchingNetworkGroup(connection2);
- assertEquals(ng, networkGroup2);
-
- // Use SASL on this connection
- ClientConnection connection3 = new InternalClientConnection(
- new AuthenticationInfo(userEntry, "external", true));
- ng = NetworkGroup.findMatchingNetworkGroup(connection3);
- assertEquals(ng, networkGroup3);
-
- // Clean the network group
- networkGroup1.deregister();
- networkGroup2.deregister();
- networkGroup3.deregister();
- }
-
-
- /**
- * Tests the mechanism to attribute a network group to a client connection,
- * based on the bind dn filter.
- */
- @Test (dataProvider = "BindFilterSet_0", groups = "virtual")
- public void testNetworkGroupBindDnCriteria(
- String bindDnFilter,
- boolean match)
- throws Exception
- {
- // Create a BindDnFilterCriteria
- BindDNConnectionCriteria bindCriteria =
- BindDNConnectionCriteria.decode(Collections
- .singleton(bindDnFilter));
-
- // Create and register the network group with the server.
- NetworkGroup networkGroup = new NetworkGroup("bindfilter_group");
- networkGroup.register();
- networkGroup.setConnectionCriteria(bindCriteria);
-
- NetworkGroup defaultNg = NetworkGroup.getDefaultNetworkGroup();
-
- // Create a new client connection, with anonymous authentication
- // It should match the default network group
- // as it has no bind information
- ClientConnection connection1 = new InternalClientConnection(DN.NULL_DN);
- NetworkGroup ng = NetworkGroup.findMatchingNetworkGroup(connection1);
- assertEquals(ng, defaultNg);
-
- // Use simple bind on this connection
- Entry userEntry = DirectoryServer.getEntry(
- DN.valueOf("cn=Directory Manager, cn=Root DNs, cn=config"));
- ClientConnection connection2 = new InternalClientConnection(
- new AuthenticationInfo(userEntry, userEntry.getName(), true));
- ng = NetworkGroup.findMatchingNetworkGroup(connection2);
- if (match) {
- assertEquals(ng, networkGroup);
- } else {
- assertEquals(ng, defaultNg);
- }
-
- // Use SASL on this connection
- ClientConnection connection3 = new InternalClientConnection(
- new AuthenticationInfo(userEntry, "external", true));
- ng = NetworkGroup.findMatchingNetworkGroup(connection3);
- if (match) {
- assertEquals(ng, networkGroup);
- } else {
- assertEquals(ng, defaultNg);
- }
-
- // Clean the network group
- networkGroup.deregister();
- }
-
-
- /**
- * Tests the mechanism to attribute a network group to a client connection,
- * based on the bind dn filter.
- */
- @Test (groups = "virtual")
- public void testNetworkGroupSecurityCriteria()
- throws Exception
- {
- // Create a SecurityCriteria
- SecurityConnectionCriteria secCriteria =
- SecurityConnectionCriteria.SECURITY_REQUIRED;
-
- // Create and register the network group with the server.
- NetworkGroup networkGroup = new NetworkGroup("secured_group");
- networkGroup.register();
- networkGroup.setConnectionCriteria(secCriteria);
-
- // Create a new client connection, with anonymous authentication
- // It should match the secured group as internal connections
- // are secured
- ClientConnection connection1 = new InternalClientConnection(DN.NULL_DN);
- NetworkGroup ng = NetworkGroup.findMatchingNetworkGroup(connection1);
- assertEquals(ng, networkGroup);
-
- // now change the criteria (security not mandatory)
- secCriteria = SecurityConnectionCriteria.SECURITY_NOT_REQUIRED;
- networkGroup.setConnectionCriteria(secCriteria);
-
- // connection1 should match the networkGroup, even though it is not
- // secured
- ng = NetworkGroup.findMatchingNetworkGroup(connection1);
- assertEquals(ng, networkGroup);
-
- // Clean the network group
- networkGroup.deregister();
- }
-
-
/**
* This test checks that the network group takes into account the
* subordinate naming context defined in the RootDSEBackend.
diff --git a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/SecurityConnectionCriteriaTest.java b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/SecurityConnectionCriteriaTest.java
index d1b8268..6c075d2 100644
--- a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/SecurityConnectionCriteriaTest.java
+++ b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/SecurityConnectionCriteriaTest.java
@@ -30,7 +30,6 @@
import org.opends.server.DirectoryServerTestCase;
import org.opends.server.TestCaseUtils;
-import org.opends.server.admin.std.meta.NetworkGroupCfgDefn.AllowedAuthMethod;
import org.opends.server.api.ClientConnection;
import org.opends.server.types.AuthenticationType;
import org.opends.server.types.DN;
@@ -98,9 +97,7 @@
SecurityConnectionCriteria criteria, boolean expectedResult)
throws Exception
{
- ClientConnection client =
- new MockClientConnection(12345, isSecure, DN.rootDN(),
- AllowedAuthMethod.ANONYMOUS);
+ ClientConnection client = new MockClientConnection(12345, isSecure, null);
Assert.assertEquals(criteria.matches(client), expectedResult);
}
@@ -124,9 +121,7 @@
SecurityConnectionCriteria criteria, boolean expectedResult)
throws Exception
{
- ClientConnection client =
- new MockClientConnection(12345, false, DN.rootDN(),
- AllowedAuthMethod.ANONYMOUS);
+ ClientConnection client = new MockClientConnection(12345, false, null);
Assert.assertEquals(criteria.willMatchAfterBind(client,
DN.rootDN(), AuthenticationType.SIMPLE, isSecure),
--
Gitblit v1.10.0