From d6b0cd5244b2b60ee9b222fa2d75e8b661e6262c Mon Sep 17 00:00:00 2001
From: Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Fri, 12 Jul 2013 10:27:23 +0000
Subject: [PATCH] *.java: Switched the use of collections concrete classes to interfaces.
---
opends/src/server/org/opends/server/authorization/dseecompat/AciEvalContext.java | 7 +-
opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java | 17 ++---
opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java | 134 +++++++++++++++++++-------------------------
opends/src/server/org/opends/server/authorization/dseecompat/AciTargetMatchContext.java | 7 +-
4 files changed, 73 insertions(+), 92 deletions(-)
diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java b/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
index 807f7f6..3e0b68d 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
@@ -34,7 +34,6 @@
import java.net.InetAddress;
import java.security.cert.Certificate;
import java.util.HashMap;
-import java.util.LinkedList;
import java.util.List;
import org.opends.server.api.ClientConnection;
@@ -57,7 +56,7 @@
/**
* The allow and deny lists.
*/
- private LinkedList<Aci> denyList, allowList;
+ private List<Aci> denyList, allowList;
/**
* The attribute type in the resource entry currently being evaluated.
@@ -338,7 +337,7 @@
}
/**
- * Set to true if an entry has already been processsed by an access proxy
+ * Set to true if an entry has already been processed by an access proxy
* check.
*
* @param val The value to set the seenEntry boolean to.
@@ -394,7 +393,7 @@
/**
* Return the list of additional attributes specified in the
- * geteffectiveritghts control.
+ * geteffectiverights control.
*
* @return The list of attributes to return rights information about in the
* entry.
@@ -526,7 +525,7 @@
/**
* Returns true if the geteffectiverights control's authZid DN is equal to the
- * authoritzation entry's DN.
+ * authorization entry's DN.
*
* @return True if the authZid is equal to the authorization entry's DN.
*/
@@ -553,7 +552,7 @@
* {@inheritDoc}
*/
@Override
- public void setDenyList(LinkedList<Aci> denys) {
+ public void setDenyList(List<Aci> denys) {
denyList=denys;
}
@@ -561,7 +560,7 @@
* {@inheritDoc}
*/
@Override
- public void setAllowList(LinkedList<Aci> allows) {
+ public void setAllowList(List<Aci> allows) {
allowList=allows;
}
@@ -649,7 +648,7 @@
* {@inheritDoc}
*/
@Override
- public LinkedList<Aci> getDenyList() {
+ public List<Aci> getDenyList() {
return denyList;
}
@@ -657,7 +656,7 @@
* {@inheritDoc}
*/
@Override
- public LinkedList<Aci> getAllowList() {
+ public List<Aci> getAllowList() {
return allowList;
}
diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/AciEvalContext.java b/opends/src/server/org/opends/server/authorization/dseecompat/AciEvalContext.java
index fc62e3d..751aba7 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/AciEvalContext.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/AciEvalContext.java
@@ -25,7 +25,6 @@
* Copyright 2008-2010 Sun Microsystems, Inc.
* Portions Copyright 2011 ForgeRock AS
*/
-
package org.opends.server.authorization.dseecompat;
import org.opends.server.types.DN;
@@ -34,7 +33,7 @@
import org.opends.server.api.Group;
import java.net.InetAddress;
-import java.util.LinkedList;
+import java.util.List;
/**
* Interface that provides a view of the AciContainer that is
@@ -66,13 +65,13 @@
* Get the list of deny ACIs.
* @return The deny ACI list.
*/
- public LinkedList<Aci> getDenyList();
+ public List<Aci> getDenyList();
/**
* Get the list allow ACIs.
* @return The allow ACI list.
*/
- public LinkedList<Aci> getAllowList();
+ public List<Aci> getAllowList();
/**
* Set when the deny list is being evaluated.
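Review bot: The Javadoc for `getDenyList()` and `getAllowList()` does not say whether the returned `List` is the context's own list or a copy, and in this commit `AciContainer` returns its `denyList` and `allowList` fields directly. Now that the return type is the general interface, the contract should be stated, for example `@return The deny ACI list; this is the live list held by the context and must not be modified by callers.` If callers are never meant to change it, the implementation could instead return the field wrapped in `Collections.unmodifiableList`.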
diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java b/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
index 3e72e08..d097801 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
@@ -98,7 +98,7 @@
*/
private static AttributeType debugSearchIndex;
- /*
+ /**
* DN corresponding to "debugsearchindex" attribute type.
*/
private static DN debugSearchIndexDN;
@@ -121,8 +121,10 @@
- // We initialize these for each new AciHandler so that we can clear
- // out the stale references that can occur during an in-core restart.
+ /**
+ * We initialize these for each new AciHandler so that we can clear out the
+ * stale references that can occur during an in-core restart.
+ */
private static void initStatics()
{
if ((aciType = DirectoryServer.getAttributeType("aci")) == null)
@@ -262,8 +264,8 @@
public boolean isAllowed(DN entryDN, Operation op, Control control)
throws DirectoryException
{
- boolean ret;
- if (!(ret = skipAccessCheck(op)))
+ boolean ret = skipAccessCheck(op);
+ if (!ret)
{
Entry e = new Entry(entryDN, null, null, null);
AciLDAPOperationContainer operationContainer =
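Review bot: `ret` is now initialised from `skipAccessCheck(op)`, so until the ACI evaluation overwrites it a `true` value means "check bypassed" rather than "access granted", and that double meaning is easy to misread in an authorization path. A one-line comment above the declaration would help, for example `// true: the access check is skipped for this operation, so no ACI evaluation is done`. The same initialisation appears in `isAllowed(ExtendedOperation)`, `mayProxy` and `maySend` later in this file. The body of `isAllowed` continues outside this hunk.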
@@ -271,15 +273,15 @@
(ACI_READ | ACI_CONTROL));
ret = accessAllowed(operationContainer);
}
- if (control.getOID().equals(OID_PROXIED_AUTH_V2)
- || control.getOID().equals(OID_PROXIED_AUTH_V1))
+ if (OID_PROXIED_AUTH_V2.equals(control.getOID())
+ || OID_PROXIED_AUTH_V1.equals(control.getOID()))
{
if (ret)
{
op.setAttachment(ORIG_AUTH_ENTRY, op.getAuthorizationEntry());
}
}
- else if (control.getOID().equals(OID_GET_EFFECTIVE_RIGHTS))
+ else if (OID_GET_EFFECTIVE_RIGHTS.equals(control.getOID()))
{
if (ret)
{
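Review bot: With the constant-first comparisons, a `control.getOID()` that returns null no longer throws; it falls past both the proxied-auth and the geteffectiverights branches, and the method carries on with whatever `ret` holds. Whether the OID can be null here is not visible in the hunk, but if it can, that case should be rejected explicitly rather than treated as some other control. Reading the OID once also removes the three repeated calls: `final String oid = control.getOID();` followed by `OID_PROXIED_AUTH_V2.equals(oid)` and so on. The method body continues past the end of this hunk.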
@@ -308,8 +310,8 @@
@Override
public boolean isAllowed(ExtendedOperation operation)
{
- boolean ret;
- if (!(ret = skipAccessCheck(operation)))
+ boolean ret = skipAccessCheck(operation);
+ if (!ret)
{
Entry e =
new Entry(operation.getAuthorizationDN(), null, null, null);
@@ -435,7 +437,7 @@
if (!skipAccessCheck(operation))
{
// If this is a modifyDN move to a new superior, then check if the
- // superior DN has import accesss.
+ // superior DN has import access.
if ((newSuperiorDN = operation.getNewSuperior()) != null)
{
try
@@ -455,7 +457,7 @@
// If this is a modifyDN move to a new superior, then check if the
// original entry DN has export access.
- if (ret && (newSuperiorDN != null))
+ if (ret && newSuperiorDN != null)
{
AciLDAPOperationContainer operationContainer =
new AciLDAPOperationContainer(operation, ACI_EXPORT,
@@ -530,8 +532,8 @@
public boolean mayProxy(Entry proxyUser, Entry proxiedUser,
Operation op)
{
- boolean ret;
- if (!(ret = skipAccessCheck(proxyUser)))
+ boolean ret = skipAccessCheck(proxyUser);
+ if (!ret)
{
AuthenticationInfo authInfo =
new AuthenticationInfo(proxyUser, DirectoryServer
@@ -553,8 +555,8 @@
public boolean maySend(DN dn, Operation operation,
SearchResultReference reference)
{
- boolean ret;
- if (!(ret = skipAccessCheck(operation)))
+ boolean ret = skipAccessCheck(operation);
+ if (!ret)
{
Entry e = new Entry(dn, null, null, null);
AttributeBuilder builder =
@@ -656,9 +658,9 @@
// Check if the ACI_SELF right needs to be set (selfwrite right).
// Only done if the right is ACI_WRITE, an attribute value is set
// and that attribute value is a DN.
- if ((container.getCurrentAttributeValue() != null)
- && (container.hasRights(ACI_WRITE))
- && (isAttributeDN(container.getCurrentAttributeType())))
+ if (container.getCurrentAttributeValue() != null
+ && container.hasRights(ACI_WRITE)
+ && isAttributeDN(container.getCurrentAttributeType()))
{
String DNString = null;
try
@@ -692,11 +694,9 @@
&& !container.hasRights(ACI_SKIP_PROXY_CHECK))
{
int currentRights = container.getRights();
- // Save the current rights so they can be put back if on
- // success.
+ // Save the current rights so they can be put back if on success.
container.setRights(ACI_PROXY);
- // Switch to the original authorization entry, not the proxied
- // one.
+ // Switch to the original authorization entry, not the proxied one.
container.useOrigAuthorizationEntry(true);
if (!accessAllowed(container))
{
@@ -713,18 +713,14 @@
container.setSeenEntry(true);
}
- /*
- * First get all allowed candidate ACIs.
- */
- LinkedList<Aci> candidates = aciList.getCandidateAcis(dn);
+ // First get all allowed candidate ACIs.
+ List<Aci> candidates = aciList.getCandidateAcis(dn);
/*
* Create an applicable list of ACIs by target matching each
* candidate ACI against the container's target match view.
*/
createApplicableList(candidates, container);
- /*
- * Evaluate the applicable list.
- */
+ // Evaluate the applicable list.
boolean ret = testApplicableLists(container);
// Build summary string if doing geteffectiverights eval.
if (container.isGetEffectiveRightsEval())
@@ -871,22 +867,19 @@
Attribute modAttr = m.getAttribute();
AttributeType modAttrType = modAttr.getAttributeType();
- if (modAttrType.equals(aciType))
+ if (modAttrType.equals(aciType)
+ /*
+ * Check that the operation has modify privileges if it contains
+ * an "aci" attribute type.
+ */
+ && !operation.getClientConnection().hasPrivilege(
+ Privilege.MODIFY_ACL, operation))
{
- /*
- * Check that the operation has modify privileges if it contains
- * an "aci" attribute type.
- */
- if (!operation.getClientConnection().hasPrivilege(
- Privilege.MODIFY_ACL, operation))
- {
- Message message =
- INFO_ACI_MODIFY_FAILED_PRIVILEGE.get(String
- .valueOf(container.getResourceDN()), String
- .valueOf(container.getClientDN()));
- logError(message);
- return false;
- }
+ Message message =
+ INFO_ACI_MODIFY_FAILED_PRIVILEGE.get(String.valueOf(container
+ .getResourceDN()), String.valueOf(container.getClientDN()));
+ logError(message);
+ return false;
}
// This access check handles the case where all attributes of this
// type are being replaced or deleted. If only a subset is being
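Review bot: The block comment now sits between two operands of the `if` condition, which makes the `MODIFY_ACL` privilege test harder to spot when auditing the check on `aci` modifications. Moving it above the statement keeps the merged condition readable: `// Modifying the "aci" attribute type requires the MODIFY_ACL privilege.` followed by the two-operand `if`. The enclosing method starts and ends outside this hunk.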
@@ -1111,21 +1104,18 @@
*/
private boolean checkRDN(int right, RDN rdn, AciContainer container)
{
- boolean ret = false;
- int numAVAs = rdn.getNumValues();
container.setRights(right);
+ final int numAVAs = rdn.getNumValues();
for (int i = 0; i < numAVAs; i++)
{
- AttributeType type = rdn.getAttributeType(i);
- AttributeValue value = rdn.getAttributeValue(i);
- container.setCurrentAttributeType(type);
- container.setCurrentAttributeValue(value);
- if (!(ret = accessAllowed(container)))
+ container.setCurrentAttributeType(rdn.getAttributeType(i));
+ container.setCurrentAttributeValue(rdn.getAttributeValue(i));
+ if (!accessAllowed(container))
{
- break;
+ return false;
}
}
- return ret;
+ return true;
}
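Review bot: `checkRDN` now returns true when `rdn.getNumValues()` is 0, where the old code returned its initial `ret = false`. In that case the loop body never runs, and the new trailing `return true` grants access without a single `accessAllowed` call. If an RDN with no attribute-value pairs can reach this method (not visible here), the refactoring turns a deny into an allow. Keeping the old result is a one-line change: `return numAVAs > 0;` in place of `return true;`, or an early `if (numAVAs == 0) { return false; }` before the loop.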
@@ -1139,11 +1129,11 @@
* @param targetMatchCtx
* Target matching context to use for testing each ACI.
*/
- private void createApplicableList(LinkedList<Aci> candidates,
+ private void createApplicableList(List<Aci> candidates,
AciTargetMatchContext targetMatchCtx)
{
- LinkedList<Aci> denys = new LinkedList<Aci>();
- LinkedList<Aci> allows = new LinkedList<Aci>();
+ List<Aci> denys = new LinkedList<Aci>();
+ List<Aci> allows = new LinkedList<Aci>();
for (Aci aci : candidates)
{
if (Aci.isApplicable(aci, targetMatchCtx))
@@ -1232,7 +1222,7 @@
*/
private boolean isAttributeDN(AttributeType attribute)
{
- return (attribute.getSyntaxOID().equals(SYNTAX_DN_OID));
+ return SYNTAX_DN_OID.equals(attribute.getSyntaxOID());
}
@@ -1399,14 +1389,11 @@
*/
private boolean testApplicableLists(AciEvalContext evalCtx)
{
- EnumEvalResult res;
evalCtx.setEvalReason(EnumEvalReason.NO_REASON);
- LinkedList<Aci> denys = evalCtx.getDenyList();
- LinkedList<Aci> allows = evalCtx.getAllowList();
// If allows list is empty and not doing geteffectiverights return
// false.
evalCtx.setDenyEval(true);
- if (allows.isEmpty()
+ if (evalCtx.getAllowList().isEmpty()
&& !(evalCtx.isGetEffectiveRightsEval()
&& !evalCtx.hasRights(ACI_SELF) && evalCtx
.isTargAttrFilterMatchAciEmpty()))
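Review bot: The emptiness test here and the later `for (Aci allowAci : evalCtx.getAllowList())` loop now fetch the list through two separate getter calls, and the deny loop does the same with `getDenyList()` in the following hunks. The old locals guaranteed that the check and the iteration saw the same list objects. The new form relies on nothing replacing the lists through `setAllowList` or `setDenyList` while `Aci.evaluate` runs, which cannot be confirmed from this diff. If the goal was only to drop the `LinkedList` type, `final List<Aci> allows = evalCtx.getAllowList();` and `final List<Aci> denys = evalCtx.getDenyList();` keep the single snapshot. The method body continues outside this hunk.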
@@ -1415,9 +1402,10 @@
evalCtx.setDecidingAci(null);
return false;
}
- for (Aci denyAci : denys)
+
+ for (Aci denyAci : evalCtx.getDenyList())
{
- res = Aci.evaluate(evalCtx, denyAci);
+ final EnumEvalResult res = Aci.evaluate(evalCtx, denyAci);
// Failure could be returned if a system limit is hit or
// search fails
if (res.equals(EnumEvalResult.FAIL))
@@ -1452,9 +1440,9 @@
}
// Now check the allows -- flip the deny flag to false first.
evalCtx.setDenyEval(false);
- for (Aci allowAci : allows)
+ for (Aci allowAci : evalCtx.getAllowList())
{
- res = Aci.evaluate(evalCtx, allowAci);
+ final EnumEvalResult res = Aci.evaluate(evalCtx, allowAci);
if (res.equals(EnumEvalResult.TRUE))
{
if (evalCtx.isGetEffectiveRightsEval()
@@ -1463,8 +1451,7 @@
{
// Iterate to next only if deny ACI contains a targattrfilters
// keyword.
- if (AciEffectiveRights.setTargAttrAci(evalCtx, allowAci,
- false))
+ if (AciEffectiveRights.setTargAttrAci(evalCtx, allowAci, false))
{
continue;
}
@@ -1504,7 +1491,6 @@
private boolean testFilter(AciLDAPOperationContainer container,
SearchFilter filter) throws DirectoryException
{
- boolean ret = true;
// If the resource entry has a dn equal to "cn=debugsearch" and it
// contains the special attribute type "debugsearchindex", then the
// resource entry is a pseudo entry created for debug purposes.
@@ -1531,17 +1517,16 @@
case NOT:
{
SearchFilter f = filter.getNotComponent();
- ret = testFilter(container, f);
- break;
+ return testFilter(container, f);
}
default:
{
AttributeType attrType = filter.getAttributeType();
container.setCurrentAttributeType(attrType);
- ret = accessAllowed(container);
+ return accessAllowed(container);
}
}
- return ret;
+ return true;
}
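Review bot: The new trailing `return true;` is an allow-by-default exit in an access check, and the hunk does not show which `switch` cases can still reach it now that `NOT` and `default` return directly. A comment on that line would make the intent auditable, for example `// Reached only by the cases above that fall out of the switch after all their components were allowed.`, provided that is what the unseen cases do. The start of `testFilter` and the remaining cases are outside this hunk.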
@@ -1590,8 +1575,7 @@
{
try
{
- DN dn = entry.getDN();
- Aci.decode(value.getValue(), dn);
+ Aci.decode(value.getValue(), entry.getDN());
}
catch (AciException ex)
{
diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/AciTargetMatchContext.java b/opends/src/server/org/opends/server/authorization/dseecompat/AciTargetMatchContext.java
index 710569a..a3b79f8 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/AciTargetMatchContext.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/AciTargetMatchContext.java
@@ -24,13 +24,12 @@
*
* Copyright 2008 Sun Microsystems, Inc.
*/
-
package org.opends.server.authorization.dseecompat;
import org.opends.server.types.AttributeType;
import org.opends.server.types.AttributeValue;
import org.opends.server.types.Entry;
-import java.util.LinkedList;
+import java.util.List;
/**
* The AciTargetMatchContext interface provides a
@@ -46,13 +45,13 @@
* Set the deny ACI list.
* @param denyList The deny ACI list.
*/
- public void setDenyList(LinkedList<Aci> denyList);
+ public void setDenyList(List<Aci> denyList);
/**
* Set the allow ACI list.
* @param allowList The list of allow ACIs.
*/
- public void setAllowList(LinkedList<Aci> allowList);
+ public void setAllowList(List<Aci> allowList);
/**
* Get the entry being evaluated. This is known as the
--
Gitblit v1.10.0