From edf8944f0ae80b608797206944cbd2db8d08a9a7 Mon Sep 17 00:00:00 2001
From: Jean-Noël Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Wed, 23 Dec 2015 14:52:02 +0000
Subject: [PATCH] Remove unnecessary null checks for Operation.getRequestControls()
---
opendj-server-legacy/src/main/java/org/opends/server/extensions/PasswordModifyExtendedOperation.java | 48 +
opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendDeleteOperation.java | 119 ++---
opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java | 154 +++----
opendj-server-legacy/src/main/java/org/opends/server/replication/plugin/MultimasterReplication.java | 7
opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendCompareOperation.java | 99 ++--
opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendModifyDNOperation.java | 147 +++----
opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.java | 64 +-
opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendAddOperation.java | 137 +++---
opendj-server-legacy/src/main/java/org/opends/server/types/AbstractOperation.java | 18
opendj-server-legacy/src/main/java/org/opends/server/core/ExtendedOperationBasis.java | 90 ++--
opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java | 38 -
opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/EntryContainer.java | 10
opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java | 206 ++++------
13 files changed, 519 insertions(+), 618 deletions(-)
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/EntryContainer.java b/opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/EntryContainer.java
index bb3b81e..ea3da69 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/EntryContainer.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/backends/pluggable/EntryContainer.java
@@ -2352,15 +2352,11 @@
*/
private static boolean isManageDsaITOperation(Operation operation)
{
- List<Control> controls = operation.getRequestControls();
- if (controls != null)
+ for (Control control : operation.getRequestControls())
{
- for (Control control : controls)
+ if (ServerConstants.OID_MANAGE_DSAIT_CONTROL.equals(control.getOID()))
{
- if (ServerConstants.OID_MANAGE_DSAIT_CONTROL.equals(control.getOID()))
- {
- return true;
- }
+ return true;
}
}
return false;
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/core/ExtendedOperationBasis.java b/opendj-server-legacy/src/main/java/org/opends/server/core/ExtendedOperationBasis.java
index 0e6596b..47d38c9 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/core/ExtendedOperationBasis.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/core/ExtendedOperationBasis.java
@@ -38,9 +38,16 @@
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ResultCode;
+import org.opends.server.api.AccessControlHandler;
import org.opends.server.api.ClientConnection;
import org.opends.server.api.ExtendedOperationHandler;
-import org.opends.server.types.*;
+import org.opends.server.types.AbstractOperation;
+import org.opends.server.types.CancelResult;
+import org.opends.server.types.CanceledOperationException;
+import org.opends.server.types.Control;
+import org.opends.server.types.DN;
+import org.opends.server.types.DirectoryException;
+import org.opends.server.types.OperationType;
import org.opends.server.types.operation.PostOperationExtendedOperation;
import org.opends.server.types.operation.PostResponseExtendedOperation;
import org.opends.server.types.operation.PreOperationExtendedOperation;
@@ -303,53 +310,44 @@
// Look at the controls included in the request and ensure that all
// critical controls are supported by the handler.
- List<Control> requestControls = getRequestControls();
- if (requestControls != null && !requestControls.isEmpty())
+ for (Iterator<Control> iter = getRequestControls().iterator(); iter.hasNext();)
{
- for (Iterator<Control> iter = requestControls.iterator(); iter
- .hasNext();)
+ final Control c = iter.next();
+ try
{
- final Control c = iter.next();
- try
+ if (!getAccessControlHandler().isAllowed(getAuthorizationDN(), this, c))
{
- if (!AccessControlConfigManager.getInstance()
- .getAccessControlHandler()
- .isAllowed(getAuthorizationDN(), this, c))
+ // As per RFC 4511 4.1.11.
+ if (c.isCritical())
{
- // As per RFC 4511 4.1.11.
- if (c.isCritical())
- {
- setResultCode(ResultCode.UNAVAILABLE_CRITICAL_EXTENSION);
- appendErrorMessage(ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS
- .get(c.getOID()));
- }
- else
- {
- // We don't want to process this non-critical control, so
- // remove it.
- iter.remove();
- continue;
- }
+ setResultCode(ResultCode.UNAVAILABLE_CRITICAL_EXTENSION);
+ appendErrorMessage(ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(c.getOID()));
+ }
+ else
+ {
+ // We don't want to process this non-critical control, so remove it.
+ iter.remove();
+ continue;
}
}
- catch (DirectoryException e)
- {
- setResultCode(e.getResultCode());
- appendErrorMessage(e.getMessageObject());
- return;
- }
+ }
+ catch (DirectoryException e)
+ {
+ setResultCode(e.getResultCode());
+ appendErrorMessage(e.getMessageObject());
+ return;
+ }
- if (! c.isCritical())
- {
- // The control isn't critical, so we don't care if it's supported
- // or not.
- }
- else if (! handler.supportsControl(c.getOID()))
- {
- setResultCode(ResultCode.UNAVAILABLE_CRITICAL_EXTENSION);
- appendErrorMessage(ERR_EXTENDED_UNSUPPORTED_CRITICAL_CONTROL.get(requestOID, c.getOID()));
- return;
- }
+ if (!c.isCritical())
+ {
+ // The control isn't critical, so we don't care if it's supported
+ // or not.
+ }
+ else if (!handler.supportsControl(c.getOID()))
+ {
+ setResultCode(ResultCode.UNAVAILABLE_CRITICAL_EXTENSION);
+ appendErrorMessage(ERR_EXTENDED_UNSUPPORTED_CRITICAL_CONTROL.get(requestOID, c.getOID()));
+ return;
}
}
@@ -362,7 +360,7 @@
// and any other controls specified.
try
{
- if (!AccessControlConfigManager.getInstance().getAccessControlHandler().isAllowed(this))
+ if (!getAccessControlHandler().isAllowed(this))
{
setResultCode(ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
appendErrorMessage(ERR_EXTENDED_AUTHZ_INSUFFICIENT_ACCESS_RIGHTS.get(requestOID));
@@ -438,7 +436,11 @@
}
}
- /** {@inheritDoc} */
+ private AccessControlHandler<?> getAccessControlHandler()
+ {
+ return AccessControlConfigManager.getInstance().getAccessControlHandler();
+ }
+
@Override
public final void toString(StringBuilder buffer)
{
@@ -450,6 +452,4 @@
buffer.append(requestOID);
buffer.append(")");
}
-
}
-
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/extensions/PasswordModifyExtendedOperation.java b/opendj-server-legacy/src/main/java/org/opends/server/extensions/PasswordModifyExtendedOperation.java
index af9b0ee..6d7f73c 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/extensions/PasswordModifyExtendedOperation.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/extensions/PasswordModifyExtendedOperation.java
@@ -37,7 +37,13 @@
import static org.opends.server.util.StaticUtils.*;
import java.io.IOException;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizableMessageBuilder;
@@ -54,7 +60,11 @@
import org.opends.server.admin.server.ConfigurationChangeListener;
import org.opends.server.admin.std.server.ExtendedOperationHandlerCfg;
import org.opends.server.admin.std.server.PasswordModifyExtendedOperationHandlerCfg;
-import org.opends.server.api.*;
+import org.opends.server.api.AuthenticationPolicy;
+import org.opends.server.api.ClientConnection;
+import org.opends.server.api.ExtendedOperationHandler;
+import org.opends.server.api.IdentityMapper;
+import org.opends.server.api.PasswordStorageScheme;
import org.opends.server.controls.PasswordPolicyErrorType;
import org.opends.server.controls.PasswordPolicyResponseControl;
import org.opends.server.core.DirectoryServer;
@@ -64,8 +74,20 @@
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.schema.AuthPasswordSyntax;
import org.opends.server.schema.UserPasswordSyntax;
-import org.opends.server.types.*;
+import org.opends.server.types.AccountStatusNotification;
+import org.opends.server.types.AccountStatusNotificationProperty;
+import org.opends.server.types.AdditionalLogItem;
+import org.opends.server.types.AttributeBuilder;
+import org.opends.server.types.AttributeType;
+import org.opends.server.types.AuthenticationInfo;
+import org.opends.server.types.Control;
+import org.opends.server.types.DN;
+import org.opends.server.types.DirectoryException;
+import org.opends.server.types.Entry;
+import org.opends.server.types.InitializationException;
import org.opends.server.types.LockManager.DNLock;
+import org.opends.server.types.Modification;
+import org.opends.server.types.Privilege;
/**
* This class implements the password modify extended operation defined in RFC
@@ -167,20 +189,16 @@
// Look at the set of controls included in the request, if there are any.
boolean noOpRequested = false;
boolean pwPolicyRequested = false;
- List<Control> controls = operation.getRequestControls();
- if (controls != null)
+ for (Control c : operation.getRequestControls())
{
- for (Control c : controls)
+ String oid = c.getOID();
+ if (OID_LDAP_NOOP_OPENLDAP_ASSIGNED.equals(oid))
{
- String oid = c.getOID();
- if (OID_LDAP_NOOP_OPENLDAP_ASSIGNED.equals(oid))
- {
- noOpRequested = true;
- }
- else if (OID_PASSWORD_POLICY_CONTROL.equals(oid))
- {
- pwPolicyRequested = true;
- }
+ noOpRequested = true;
+ }
+ else if (OID_PASSWORD_POLICY_CONTROL.equals(oid))
+ {
+ pwPolicyRequested = true;
}
}
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/replication/plugin/MultimasterReplication.java b/opendj-server-legacy/src/main/java/org/opends/server/replication/plugin/MultimasterReplication.java
index 8f45cb3..9642cf3 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/replication/plugin/MultimasterReplication.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/replication/plugin/MultimasterReplication.java
@@ -156,10 +156,9 @@
* running later do not generate CSN, solve conflicts and forward the
* operation to the replication server.
*/
- final List<Control> controls = op.getRequestControls();
- for (Iterator<Control> iter = controls.iterator(); iter.hasNext();)
+ for (Iterator<Control> it = op.getRequestControls().iterator(); it.hasNext();)
{
- Control c = iter.next();
+ Control c = it.next();
if (OID_REPLICATION_REPAIR_CONTROL.equals(c.getOID()))
{
op.setSynchronizationOperation(true);
@@ -169,7 +168,7 @@
processed and the local backend will fail if it finds a control that
it does not know about and that is marked as critical.
*/
- iter.remove();
+ it.remove();
return null;
}
}
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/types/AbstractOperation.java b/opendj-server-legacy/src/main/java/org/opends/server/types/AbstractOperation.java
index 73a0972..815c2b6 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/types/AbstractOperation.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/types/AbstractOperation.java
@@ -31,6 +31,7 @@
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
+import java.util.ListIterator;
import java.util.Map;
import org.forgerock.i18n.LocalizableMessage;
@@ -167,16 +168,7 @@
this.operationID = operationID;
this.messageID = messageID;
this.useNanoTime = DirectoryServer.getUseNanoTime();
-
- if (requestControls == null)
- {
- this.requestControls = new ArrayList<>(0);
- }
- else
- {
- this.requestControls = requestControls;
- }
-
+ this.requestControls = requestControls != null ? requestControls : new ArrayList<Control>(0);
authorizationEntry = clientConnection.getAuthenticationInfo().getAuthorizationEntry();
}
@@ -225,16 +217,16 @@
ControlDecoder<T> d) throws DirectoryException
{
String oid = d.getOID();
- for(int i = 0; i < requestControls.size(); i++)
+ for (ListIterator<Control> it = requestControls.listIterator(); it.hasNext();)
{
- Control c = requestControls.get(i);
+ Control c = it.next();
if(c.getOID().equals(oid))
{
if(c instanceof LDAPControl)
{
T decodedControl = d.decode(c.isCritical(),
((LDAPControl) c).getValue());
- requestControls.set(i, decodedControl);
+ it.set(decodedControl);
return decodedControl;
}
else
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendAddOperation.java b/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendAddOperation.java
index 5e9f6f7..8772e9d 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendAddOperation.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendAddOperation.java
@@ -980,91 +980,78 @@
LocalBackendWorkflowElement.evaluateProxyAuthControls(this);
LocalBackendWorkflowElement.removeAllDisallowedControls(parentDN, this);
- List<Control> requestControls = getRequestControls();
- if (requestControls != null && !requestControls.isEmpty())
+ for (Control c : getRequestControls())
{
- for (Control c : requestControls)
+ final String oid = c.getOID();
+
+ if (OID_LDAP_ASSERTION.equals(oid))
{
- final String oid = c.getOID();
+ // RFC 4528 mandates support for Add operation basically
+ // suggesting an assertion on self. As daft as it may be
+ // we gonna have to support this for RFC compliance.
+ LDAPAssertionRequestControl assertControl = getRequestControl(LDAPAssertionRequestControl.DECODER);
- if (OID_LDAP_ASSERTION.equals(oid))
+ SearchFilter filter;
+ try
{
- // RFC 4528 mandates support for Add operation basically
- // suggesting an assertion on self. As daft as it may be
- // we gonna have to support this for RFC compliance.
- LDAPAssertionRequestControl assertControl =
- getRequestControl(LDAPAssertionRequestControl.DECODER);
+ filter = assertControl.getSearchFilter();
+ }
+ catch (DirectoryException de)
+ {
+ logger.traceException(de);
- SearchFilter filter;
- try
+ throw newDirectoryException(entryDN, de.getResultCode(),
+ ERR_ADD_CANNOT_PROCESS_ASSERTION_FILTER.get(entryDN, de.getMessageObject()));
+ }
+
+ // Check if the current user has permission to make this determination.
+ if (!getAccessControlHandler().isAllowed(this, entry, filter))
+ {
+ throw new DirectoryException(ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
+ ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
+ }
+
+ try
+ {
+ if (!filter.matchesEntry(entry))
{
- filter = assertControl.getSearchFilter();
- }
- catch (DirectoryException de)
- {
- logger.traceException(de);
-
- throw newDirectoryException(entryDN, de.getResultCode(),
- ERR_ADD_CANNOT_PROCESS_ASSERTION_FILTER.get(
- entryDN, de.getMessageObject()));
- }
-
- // Check if the current user has permission to make this determination.
- if (!getAccessControlHandler().isAllowed(this, entry, filter))
- {
- throw new DirectoryException(
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
- ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
- }
-
- try
- {
- if (!filter.matchesEntry(entry))
- {
- throw newDirectoryException(entryDN, ResultCode.ASSERTION_FAILED,
- ERR_ADD_ASSERTION_FAILED.get(entryDN));
- }
- }
- catch (DirectoryException de)
- {
- if (de.getResultCode() == ResultCode.ASSERTION_FAILED)
- {
- throw de;
- }
-
- logger.traceException(de);
-
- throw newDirectoryException(entryDN, de.getResultCode(),
- ERR_ADD_CANNOT_PROCESS_ASSERTION_FILTER.get(
- entryDN, de.getMessageObject()));
+ throw newDirectoryException(entryDN, ResultCode.ASSERTION_FAILED, ERR_ADD_ASSERTION_FAILED.get(entryDN));
}
}
- else if (OID_LDAP_NOOP_OPENLDAP_ASSIGNED.equals(oid))
+ catch (DirectoryException de)
{
- noOp = true;
+ if (de.getResultCode() == ResultCode.ASSERTION_FAILED)
+ {
+ throw de;
+ }
+
+ logger.traceException(de);
+
+ throw newDirectoryException(entryDN, de.getResultCode(),
+ ERR_ADD_CANNOT_PROCESS_ASSERTION_FILTER.get(entryDN, de.getMessageObject()));
}
- else if (OID_LDAP_READENTRY_POSTREAD.equals(oid))
- {
- postReadRequest =
- getRequestControl(LDAPPostReadRequestControl.DECODER);
- }
- else if (LocalBackendWorkflowElement.isProxyAuthzControl(oid))
- {
- continue;
- }
- else if (OID_PASSWORD_POLICY_CONTROL.equals(oid))
- {
- // We don't need to do anything here because it's already handled
- // in LocalBackendAddOperation.handlePasswordPolicy().
- }
- // NYI -- Add support for additional controls.
- else if (c.isCritical()
- && (backend == null || !backend.supportsControl(oid)))
- {
- throw newDirectoryException(entryDN,
- ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
- ERR_ADD_UNSUPPORTED_CRITICAL_CONTROL.get(entryDN, oid));
- }
+ }
+ else if (OID_LDAP_NOOP_OPENLDAP_ASSIGNED.equals(oid))
+ {
+ noOp = true;
+ }
+ else if (OID_LDAP_READENTRY_POSTREAD.equals(oid))
+ {
+ postReadRequest = getRequestControl(LDAPPostReadRequestControl.DECODER);
+ }
+ else if (LocalBackendWorkflowElement.isProxyAuthzControl(oid))
+ {
+ continue;
+ }
+ else if (OID_PASSWORD_POLICY_CONTROL.equals(oid))
+ {
+ // We don't need to do anything here because it's already handled
+ // in LocalBackendAddOperation.handlePasswordPolicy().
+ }
+ else if (c.isCritical() && (backend == null || !backend.supportsControl(oid)))
+ {
+ throw newDirectoryException(entryDN, ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
+ ERR_ADD_UNSUPPORTED_CRITICAL_CONTROL.get(entryDN, oid));
}
}
}
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java b/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java
index 4304ca1..09f695e 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendBindOperation.java
@@ -325,29 +325,22 @@
{
LocalBackendWorkflowElement.removeAllDisallowedControls(bindDN, this);
- List<Control> requestControls = getRequestControls();
- if (requestControls != null && !requestControls.isEmpty())
+ for (Control c : getRequestControls())
{
- for (Control c : requestControls)
+ final String oid = c.getOID();
+
+ if (OID_AUTHZID_REQUEST.equals(oid))
{
- final String oid = c.getOID();
-
- if (OID_AUTHZID_REQUEST.equals(oid))
- {
- returnAuthzID = true;
- }
- else if (OID_PASSWORD_POLICY_CONTROL.equals(oid))
- {
- pwPolicyControlRequested = true;
- }
-
- // NYI -- Add support for additional controls.
- else if (c.isCritical())
- {
- throw new DirectoryException(
- ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
- ERR_BIND_UNSUPPORTED_CRITICAL_CONTROL.get(oid));
- }
+ returnAuthzID = true;
+ }
+ else if (OID_PASSWORD_POLICY_CONTROL.equals(oid))
+ {
+ pwPolicyControlRequested = true;
+ }
+ else if (c.isCritical())
+ {
+ throw new DirectoryException(ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
+ ERR_BIND_UNSUPPORTED_CRITICAL_CONTROL.get(oid));
}
}
}
@@ -363,8 +356,7 @@
*/
private boolean processSimpleBind() throws DirectoryException
{
- // See if this is an anonymous bind. If so, then determine whether
- // to allow it.
+ // See if this is an anonymous bind. If so, then determine whether to allow it.
ByteString simplePassword = getSimplePassword();
if (simplePassword == null || simplePassword.length() == 0)
{
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendCompareOperation.java b/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendCompareOperation.java
index ff3e065..8fc12f5 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendCompareOperation.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendCompareOperation.java
@@ -318,74 +318,63 @@
LocalBackendWorkflowElement.evaluateProxyAuthControls(this);
LocalBackendWorkflowElement.removeAllDisallowedControls(entryDN, this);
- List<Control> requestControls = getRequestControls();
- if (requestControls != null && !requestControls.isEmpty())
+ for (Control c : getRequestControls())
{
- for (Control c : requestControls)
+ final String oid = c.getOID();
+
+ if (OID_LDAP_ASSERTION.equals(oid))
{
- final String oid = c.getOID();
+ LDAPAssertionRequestControl assertControl = getRequestControl(LDAPAssertionRequestControl.DECODER);
- if (OID_LDAP_ASSERTION.equals(oid))
+ SearchFilter filter;
+ try
{
- LDAPAssertionRequestControl assertControl =
- getRequestControl(LDAPAssertionRequestControl.DECODER);
+ filter = assertControl.getSearchFilter();
+ }
+ catch (DirectoryException de)
+ {
+ logger.traceException(de);
- SearchFilter filter;
- try
- {
- filter = assertControl.getSearchFilter();
- }
- catch (DirectoryException de)
- {
- logger.traceException(de);
+ throw newDirectoryException(entry, de.getResultCode(),
+ ERR_COMPARE_CANNOT_PROCESS_ASSERTION_FILTER.get(entryDN, de.getMessageObject()));
+ }
- throw newDirectoryException(entry, de.getResultCode(),
- ERR_COMPARE_CANNOT_PROCESS_ASSERTION_FILTER.get(entryDN, de.getMessageObject()));
- }
-
- // Check if the current user has permission to make this determination.
- if (!getAccessControlHandler().isAllowed(this, entry, filter))
- {
- throw new DirectoryException(
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
+ // Check if the current user has permission to make this determination.
+ if (!getAccessControlHandler().isAllowed(this, entry, filter))
+ {
+ throw new DirectoryException(ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
- }
-
- try
- {
- if (!filter.matchesEntry(entry))
- {
- throw newDirectoryException(entry, ResultCode.ASSERTION_FAILED,
- ERR_COMPARE_ASSERTION_FAILED.get(entryDN));
- }
- }
- catch (DirectoryException de)
- {
- if (de.getResultCode() == ResultCode.ASSERTION_FAILED)
- {
- throw de;
- }
-
- logger.traceException(de);
-
- throw newDirectoryException(entry, de.getResultCode(),
- ERR_COMPARE_CANNOT_PROCESS_ASSERTION_FILTER.get(entryDN, de.getMessageObject()));
- }
}
- else if (LocalBackendWorkflowElement.isProxyAuthzControl(oid))
+
+ try
{
- continue;
+ if (!filter.matchesEntry(entry))
+ {
+ throw newDirectoryException(entry, ResultCode.ASSERTION_FAILED, ERR_COMPARE_ASSERTION_FAILED.get(entryDN));
+ }
}
-
- // NYI -- Add support for additional controls.
- else if (c.isCritical()
- && (backend == null || !backend.supportsControl(oid)))
+ catch (DirectoryException de)
{
- throw new DirectoryException(
- ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
- ERR_COMPARE_UNSUPPORTED_CRITICAL_CONTROL.get(entryDN, oid));
+ if (de.getResultCode() == ResultCode.ASSERTION_FAILED)
+ {
+ throw de;
+ }
+
+ logger.traceException(de);
+
+ throw newDirectoryException(entry, de.getResultCode(),
+ ERR_COMPARE_CANNOT_PROCESS_ASSERTION_FILTER.get(entryDN, de.getMessageObject()));
}
}
+ else if (LocalBackendWorkflowElement.isProxyAuthzControl(oid))
+ {
+ continue;
+ }
+ else if (c.isCritical() && (backend == null || !backend.supportsControl(oid)))
+ {
+ throw new DirectoryException(ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
+ ERR_COMPARE_UNSUPPORTED_CRITICAL_CONTROL.get(entryDN, oid));
+ }
}
}
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendDeleteOperation.java b/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendDeleteOperation.java
index b9cf97a..3dcffd2 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendDeleteOperation.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendDeleteOperation.java
@@ -26,7 +26,6 @@
*/
package org.opends.server.workflowelement.localbackend;
-import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import org.forgerock.i18n.LocalizableMessage;
@@ -392,89 +391,73 @@
LocalBackendWorkflowElement.evaluateProxyAuthControls(this);
LocalBackendWorkflowElement.removeAllDisallowedControls(entryDN, this);
- List<Control> requestControls = getRequestControls();
- if (requestControls != null && !requestControls.isEmpty())
+ for (Control c : getRequestControls())
{
- for (Control c : requestControls)
+ final String oid = c.getOID();
+ if (OID_LDAP_ASSERTION.equals(oid))
{
- final String oid = c.getOID();
- if (OID_LDAP_ASSERTION.equals(oid))
+ LDAPAssertionRequestControl assertControl = getRequestControl(LDAPAssertionRequestControl.DECODER);
+
+ SearchFilter filter;
+ try
{
- LDAPAssertionRequestControl assertControl =
- getRequestControl(LDAPAssertionRequestControl.DECODER);
+ filter = assertControl.getSearchFilter();
+ }
+ catch (DirectoryException de)
+ {
+ logger.traceException(de);
- SearchFilter filter;
- try
- {
- filter = assertControl.getSearchFilter();
- }
- catch (DirectoryException de)
- {
- logger.traceException(de);
+ throw newDirectoryException(entry, de.getResultCode(),
+ ERR_DELETE_CANNOT_PROCESS_ASSERTION_FILTER.get(entryDN, de.getMessageObject()));
+ }
- throw newDirectoryException(entry, de.getResultCode(),
- ERR_DELETE_CANNOT_PROCESS_ASSERTION_FILTER.get(entryDN, de.getMessageObject()));
- }
-
- // Check if the current user has permission to make this determination.
- if (!getAccessControlHandler().isAllowed(this, entry, filter))
- {
- throw new DirectoryException(
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
+ // Check if the current user has permission to make this determination.
+ if (!getAccessControlHandler().isAllowed(this, entry, filter))
+ {
+ throw new DirectoryException(ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
- }
+ }
- try
+ try
+ {
+ if (!filter.matchesEntry(entry))
{
- if (!filter.matchesEntry(entry))
- {
- throw newDirectoryException(entry, ResultCode.ASSERTION_FAILED,
- ERR_DELETE_ASSERTION_FAILED.get(entryDN));
- }
+ throw newDirectoryException(entry, ResultCode.ASSERTION_FAILED, ERR_DELETE_ASSERTION_FAILED.get(entryDN));
}
- catch (DirectoryException de)
+ }
+ catch (DirectoryException de)
+ {
+ if (de.getResultCode() == ResultCode.ASSERTION_FAILED)
{
- if (de.getResultCode() == ResultCode.ASSERTION_FAILED)
- {
- throw de;
- }
-
- logger.traceException(de);
-
- throw newDirectoryException(entry, de.getResultCode(),
- ERR_DELETE_CANNOT_PROCESS_ASSERTION_FILTER.get(entryDN, de.getMessageObject()));
+ throw de;
}
- }
- else if (OID_LDAP_NOOP_OPENLDAP_ASSIGNED.equals(oid))
- {
- noOp = true;
- }
- else if (OID_LDAP_READENTRY_PREREAD.equals(oid))
- {
- preReadRequest =
- getRequestControl(LDAPPreReadRequestControl.DECODER);
- }
- else if (LocalBackendWorkflowElement.isProxyAuthzControl(oid))
- {
- continue;
- }
- // NYI -- Add support for additional controls.
- else if (c.isCritical()
- && (backend == null || !backend.supportsControl(oid)))
- {
- throw newDirectoryException(entry,
- ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
- ERR_DELETE_UNSUPPORTED_CRITICAL_CONTROL.get(entryDN, oid));
+
+ logger.traceException(de);
+
+ throw newDirectoryException(entry, de.getResultCode(),
+ ERR_DELETE_CANNOT_PROCESS_ASSERTION_FILTER.get(entryDN, de.getMessageObject()));
}
}
+ else if (OID_LDAP_NOOP_OPENLDAP_ASSIGNED.equals(oid))
+ {
+ noOp = true;
+ }
+ else if (OID_LDAP_READENTRY_PREREAD.equals(oid))
+ {
+ preReadRequest = getRequestControl(LDAPPreReadRequestControl.DECODER);
+ }
+ else if (LocalBackendWorkflowElement.isProxyAuthzControl(oid))
+ {
+ continue;
+ }
+ else if (c.isCritical() && (backend == null || !backend.supportsControl(oid)))
+ {
+ throw newDirectoryException(entry, ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
+ ERR_DELETE_UNSUPPORTED_CRITICAL_CONTROL.get(entryDN, oid));
+ }
}
}
- private DN getName(Entry e)
- {
- return e != null ? e.getName() : DN.rootDN();
- }
-
/**
* Handle conflict resolution.
* @return {@code true} if processing should continue for the operation, or
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendModifyDNOperation.java b/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendModifyDNOperation.java
index 7f076b2..81e6483 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendModifyDNOperation.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendModifyDNOperation.java
@@ -37,6 +37,7 @@
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ModificationType;
import org.forgerock.opendj.ldap.ResultCode;
+import org.opends.server.api.AccessControlHandler;
import org.opends.server.api.Backend;
import org.opends.server.api.ClientConnection;
import org.opends.server.api.SynchronizationProvider;
@@ -360,8 +361,7 @@
// to the client.
try
{
- if (!AccessControlConfigManager.getInstance().getAccessControlHandler()
- .isAllowed(this))
+ if (!getAccessControlHandler().isAllowed(this))
{
setResultCodeAndMessageNoInfoDisclosure(currentEntry, entryDN,
ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
@@ -527,103 +527,92 @@
LocalBackendWorkflowElement.evaluateProxyAuthControls(this);
LocalBackendWorkflowElement.removeAllDisallowedControls(entryDN, this);
- final List<Control> requestControls = getRequestControls();
- if (requestControls != null && !requestControls.isEmpty())
+ for (ListIterator<Control> iter = getRequestControls().listIterator(); iter.hasNext();)
{
- for (ListIterator<Control> iter = requestControls.listIterator(); iter.hasNext();)
+ final Control c = iter.next();
+ final String oid = c.getOID();
+
+ if (OID_LDAP_ASSERTION.equals(oid))
{
- final Control c = iter.next();
- final String oid = c.getOID();
+ LDAPAssertionRequestControl assertControl = getRequestControl(LDAPAssertionRequestControl.DECODER);
- if (OID_LDAP_ASSERTION.equals(oid))
+ SearchFilter filter;
+ try
{
- LDAPAssertionRequestControl assertControl =
- getRequestControl(LDAPAssertionRequestControl.DECODER);
+ filter = assertControl.getSearchFilter();
+ }
+ catch (DirectoryException de)
+ {
+ logger.traceException(de);
- SearchFilter filter;
- try
- {
- filter = assertControl.getSearchFilter();
- }
- catch (DirectoryException de)
- {
- logger.traceException(de);
+ throw newDirectoryException(currentEntry, de.getResultCode(),
+ ERR_MODDN_CANNOT_PROCESS_ASSERTION_FILTER.get(entryDN, de.getMessageObject()));
+ }
- throw newDirectoryException(currentEntry, de.getResultCode(),
- ERR_MODDN_CANNOT_PROCESS_ASSERTION_FILTER.get(entryDN, de.getMessageObject()));
- }
-
- // Check if the current user has permission to make
- // this determination.
- if (!AccessControlConfigManager.getInstance().
- getAccessControlHandler().isAllowed(this, currentEntry, filter))
- {
- throw new DirectoryException(
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
+ // Check if the current user has permission to make this determination.
+ if (!getAccessControlHandler().isAllowed(this, currentEntry, filter))
+ {
+ throw new DirectoryException(ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
+ }
+
+ try
+ {
+ if (!filter.matchesEntry(currentEntry))
+ {
+ throw newDirectoryException(currentEntry, ResultCode.ASSERTION_FAILED,
+ ERR_MODDN_ASSERTION_FAILED.get(entryDN));
+ }
+ }
+ catch (DirectoryException de)
+ {
+ if (de.getResultCode() == ResultCode.ASSERTION_FAILED)
+ {
+ throw de;
}
- try
- {
- if (!filter.matchesEntry(currentEntry))
- {
- throw newDirectoryException(currentEntry,
- ResultCode.ASSERTION_FAILED,
- ERR_MODDN_ASSERTION_FAILED.get(entryDN));
- }
- }
- catch (DirectoryException de)
- {
- if (de.getResultCode() == ResultCode.ASSERTION_FAILED)
- {
- throw de;
- }
+ logger.traceException(de);
- logger.traceException(de);
-
- throw newDirectoryException(currentEntry, de.getResultCode(),
- ERR_MODDN_CANNOT_PROCESS_ASSERTION_FILTER.get(entryDN, de.getMessageObject()));
- }
+ throw newDirectoryException(currentEntry, de.getResultCode(),
+ ERR_MODDN_CANNOT_PROCESS_ASSERTION_FILTER.get(entryDN, de.getMessageObject()));
}
- else if (OID_LDAP_NOOP_OPENLDAP_ASSIGNED.equals(oid))
+ }
+ else if (OID_LDAP_NOOP_OPENLDAP_ASSIGNED.equals(oid))
+ {
+ noOp = true;
+ }
+ else if (OID_LDAP_READENTRY_PREREAD.equals(oid))
+ {
+ preReadRequest = getRequestControl(LDAPPreReadRequestControl.DECODER);
+ iter.set(preReadRequest);
+ }
+ else if (OID_LDAP_READENTRY_POSTREAD.equals(oid))
+ {
+ if (c instanceof LDAPPostReadRequestControl)
{
- noOp = true;
+ postReadRequest = (LDAPPostReadRequestControl) c;
}
- else if (OID_LDAP_READENTRY_PREREAD.equals(oid))
+ else
{
- preReadRequest = getRequestControl(LDAPPreReadRequestControl.DECODER);
- iter.set(preReadRequest);
+ postReadRequest = getRequestControl(LDAPPostReadRequestControl.DECODER);
+ iter.set(postReadRequest);
}
- else if (OID_LDAP_READENTRY_POSTREAD.equals(oid))
- {
- if (c instanceof LDAPPostReadRequestControl)
- {
- postReadRequest = (LDAPPostReadRequestControl) c;
- }
- else
- {
- postReadRequest = getRequestControl(LDAPPostReadRequestControl.DECODER);
- iter.set(postReadRequest);
- }
- }
- else if (LocalBackendWorkflowElement.isProxyAuthzControl(oid))
- {
- continue;
- }
- else if (c.isCritical()
- && (backend == null || !backend.supportsControl(oid)))
- {
- throw new DirectoryException(
- ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
- ERR_MODDN_UNSUPPORTED_CRITICAL_CONTROL.get(entryDN, oid));
- }
+ }
+ else if (LocalBackendWorkflowElement.isProxyAuthzControl(oid))
+ {
+ continue;
+ }
+ else if (c.isCritical() && (backend == null || !backend.supportsControl(oid)))
+ {
+ throw new DirectoryException(ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
+ ERR_MODDN_UNSUPPORTED_CRITICAL_CONTROL.get(entryDN, oid));
}
}
}
- private DN getName(Entry e)
+ private AccessControlHandler<?> getAccessControlHandler()
{
- return e != null ? e.getName() : DN.rootDN();
+ return AccessControlConfigManager.getInstance().getAccessControlHandler();
}
/**
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java b/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
index 6c97923..831d545 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
@@ -632,104 +632,92 @@
LocalBackendWorkflowElement.evaluateProxyAuthControls(this);
LocalBackendWorkflowElement.removeAllDisallowedControls(entryDN, this);
- List<Control> requestControls = getRequestControls();
- if (requestControls != null && !requestControls.isEmpty())
+ for (ListIterator<Control> iter = getRequestControls().listIterator(); iter.hasNext();)
{
- for (ListIterator<Control> iter = requestControls.listIterator(); iter.hasNext();)
+ final Control c = iter.next();
+ final String oid = c.getOID();
+
+ if (OID_LDAP_ASSERTION.equals(oid))
{
- final Control c = iter.next();
- final String oid = c.getOID();
+ LDAPAssertionRequestControl assertControl = getRequestControl(LDAPAssertionRequestControl.DECODER);
- if (OID_LDAP_ASSERTION.equals(oid))
+ SearchFilter filter;
+ try
{
- LDAPAssertionRequestControl assertControl =
- getRequestControl(LDAPAssertionRequestControl.DECODER);
+ filter = assertControl.getSearchFilter();
+ }
+ catch (DirectoryException de)
+ {
+ logger.traceException(de);
- SearchFilter filter;
- try
- {
- filter = assertControl.getSearchFilter();
- }
- catch (DirectoryException de)
- {
- logger.traceException(de);
+ throw newDirectoryException(currentEntry, de.getResultCode(),
+ ERR_MODIFY_CANNOT_PROCESS_ASSERTION_FILTER.get(entryDN, de.getMessageObject()));
+ }
- throw newDirectoryException(currentEntry, de.getResultCode(),
- ERR_MODIFY_CANNOT_PROCESS_ASSERTION_FILTER.get(
- entryDN, de.getMessageObject()));
- }
-
- // Check if the current user has permission to make this determination.
- if (!getAccessControlHandler().isAllowed(this, currentEntry, filter))
- {
- throw new DirectoryException(
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
+ // Check if the current user has permission to make this determination.
+ if (!getAccessControlHandler().isAllowed(this, currentEntry, filter))
+ {
+ throw new DirectoryException(ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
+ }
+
+ try
+ {
+ if (!filter.matchesEntry(currentEntry))
+ {
+ throw newDirectoryException(currentEntry, ResultCode.ASSERTION_FAILED,
+ ERR_MODIFY_ASSERTION_FAILED.get(entryDN));
+ }
+ }
+ catch (DirectoryException de)
+ {
+ if (de.getResultCode() == ResultCode.ASSERTION_FAILED)
+ {
+ throw de;
}
- try
- {
- if (!filter.matchesEntry(currentEntry))
- {
- throw newDirectoryException(currentEntry,
- ResultCode.ASSERTION_FAILED,
- ERR_MODIFY_ASSERTION_FAILED.get(entryDN));
- }
- }
- catch (DirectoryException de)
- {
- if (de.getResultCode() == ResultCode.ASSERTION_FAILED)
- {
- throw de;
- }
+ logger.traceException(de);
- logger.traceException(de);
-
- throw newDirectoryException(currentEntry, de.getResultCode(),
- ERR_MODIFY_CANNOT_PROCESS_ASSERTION_FILTER.get(
- entryDN, de.getMessageObject()));
- }
+ throw newDirectoryException(currentEntry, de.getResultCode(),
+ ERR_MODIFY_CANNOT_PROCESS_ASSERTION_FILTER.get(entryDN, de.getMessageObject()));
}
- else if (OID_LDAP_NOOP_OPENLDAP_ASSIGNED.equals(oid))
+ }
+ else if (OID_LDAP_NOOP_OPENLDAP_ASSIGNED.equals(oid))
+ {
+ noOp = true;
+ }
+ else if (OID_PERMISSIVE_MODIFY_CONTROL.equals(oid))
+ {
+ permissiveModify = true;
+ }
+ else if (OID_LDAP_READENTRY_PREREAD.equals(oid))
+ {
+ preReadRequest = getRequestControl(LDAPPreReadRequestControl.DECODER);
+ }
+ else if (OID_LDAP_READENTRY_POSTREAD.equals(oid))
+ {
+ if (c instanceof LDAPPostReadRequestControl)
{
- noOp = true;
+ postReadRequest = (LDAPPostReadRequestControl) c;
}
- else if (OID_PERMISSIVE_MODIFY_CONTROL.equals(oid))
+ else
{
- permissiveModify = true;
+ postReadRequest = getRequestControl(LDAPPostReadRequestControl.DECODER);
+ iter.set(postReadRequest);
}
- else if (OID_LDAP_READENTRY_PREREAD.equals(oid))
- {
- preReadRequest = getRequestControl(LDAPPreReadRequestControl.DECODER);
- }
- else if (OID_LDAP_READENTRY_POSTREAD.equals(oid))
- {
- if (c instanceof LDAPPostReadRequestControl)
- {
- postReadRequest = (LDAPPostReadRequestControl) c;
- }
- else
- {
- postReadRequest = getRequestControl(LDAPPostReadRequestControl.DECODER);
- iter.set(postReadRequest);
- }
- }
- else if (LocalBackendWorkflowElement.isProxyAuthzControl(oid))
- {
- continue;
- }
- else if (OID_PASSWORD_POLICY_CONTROL.equals(oid))
- {
- pwPolicyControlRequested = true;
- }
- // NYI -- Add support for additional controls.
- else if (c.isCritical()
- && (backend == null || !backend.supportsControl(oid)))
- {
- throw newDirectoryException(currentEntry,
- ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
- ERR_MODIFY_UNSUPPORTED_CRITICAL_CONTROL.get(entryDN, oid));
- }
+ }
+ else if (LocalBackendWorkflowElement.isProxyAuthzControl(oid))
+ {
+ continue;
+ }
+ else if (OID_PASSWORD_POLICY_CONTROL.equals(oid))
+ {
+ pwPolicyControlRequested = true;
+ }
+ else if (c.isCritical() && (backend == null || !backend.supportsControl(oid)))
+ {
+ throw newDirectoryException(currentEntry, ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
+ ERR_MODIFY_UNSUPPORTED_CRITICAL_CONTROL.get(entryDN, oid));
}
}
}
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java b/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java
index 7a4bd73..ee39e52 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java
@@ -26,7 +26,6 @@
*/
package org.opends.server.workflowelement.localbackend;
-import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import org.forgerock.i18n.slf4j.LocalizedLogger;
@@ -285,138 +284,117 @@
LocalBackendWorkflowElement.evaluateProxyAuthControls(this);
LocalBackendWorkflowElement.removeAllDisallowedControls(baseDN, this);
- List<Control> requestControls = getRequestControls();
- if (requestControls != null && ! requestControls.isEmpty())
+ for (Control c : getRequestControls())
{
- for (Control c : requestControls)
+ final String oid = c.getOID();
+
+ if (OID_LDAP_ASSERTION.equals(oid))
{
- final String oid = c.getOID();
+ LDAPAssertionRequestControl assertControl = getRequestControl(LDAPAssertionRequestControl.DECODER);
- if (OID_LDAP_ASSERTION.equals(oid))
+ SearchFilter assertionFilter;
+ try
{
- LDAPAssertionRequestControl assertControl =
- getRequestControl(LDAPAssertionRequestControl.DECODER);
+ assertionFilter = assertControl.getSearchFilter();
+ }
+ catch (DirectoryException de)
+ {
+ logger.traceException(de);
- SearchFilter assertionFilter;
- try
- {
- assertionFilter = assertControl.getSearchFilter();
- }
- catch (DirectoryException de)
- {
- logger.traceException(de);
+ throw new DirectoryException(de.getResultCode(),
+ ERR_SEARCH_CANNOT_PROCESS_ASSERTION_FILTER.get(de.getMessageObject()), de);
+ }
- throw new DirectoryException(de.getResultCode(),
- ERR_SEARCH_CANNOT_PROCESS_ASSERTION_FILTER.get(
- de.getMessageObject()), de);
- }
+ Entry entry;
+ try
+ {
+ entry = DirectoryServer.getEntry(baseDN);
+ }
+ catch (DirectoryException de)
+ {
+ logger.traceException(de);
- Entry entry;
- try
- {
- entry = DirectoryServer.getEntry(baseDN);
- }
- catch (DirectoryException de)
- {
- logger.traceException(de);
+ throw new DirectoryException(de.getResultCode(),
+ ERR_SEARCH_CANNOT_GET_ENTRY_FOR_ASSERTION.get(de.getMessageObject()));
+ }
- throw new DirectoryException(de.getResultCode(),
- ERR_SEARCH_CANNOT_GET_ENTRY_FOR_ASSERTION.get(
- de.getMessageObject()));
- }
+ if (entry == null)
+ {
+ throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, ERR_SEARCH_NO_SUCH_ENTRY_FOR_ASSERTION.get());
+ }
- if (entry == null)
- {
- throw new DirectoryException(ResultCode.NO_SUCH_OBJECT,
- ERR_SEARCH_NO_SUCH_ENTRY_FOR_ASSERTION.get());
- }
-
- // Check if the current user has permission to make this determination.
- if (!getAccessControlHandler().isAllowed(this, entry, assertionFilter))
- {
- throw new DirectoryException(
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
+ // Check if the current user has permission to make this determination.
+ if (!getAccessControlHandler().isAllowed(this, entry, assertionFilter))
+ {
+ throw new DirectoryException(ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
- }
+ }
- try {
- if (! assertionFilter.matchesEntry(entry))
- {
- throw new DirectoryException(ResultCode.ASSERTION_FAILED,
- ERR_SEARCH_ASSERTION_FAILED.get());
- }
- }
- catch (DirectoryException de)
+ try
+ {
+ if (!assertionFilter.matchesEntry(entry))
{
- if (de.getResultCode() == ResultCode.ASSERTION_FAILED)
- {
- throw de;
- }
-
- logger.traceException(de);
-
- throw new DirectoryException(de.getResultCode(),
- ERR_SEARCH_CANNOT_PROCESS_ASSERTION_FILTER.get(
- de.getMessageObject()), de);
+ throw new DirectoryException(ResultCode.ASSERTION_FAILED, ERR_SEARCH_ASSERTION_FAILED.get());
}
}
- else if (LocalBackendWorkflowElement.isProxyAuthzControl(oid))
+ catch (DirectoryException de)
{
- continue;
- }
- else if (OID_PERSISTENT_SEARCH.equals(oid))
- {
- final PersistentSearchControl ctrl =
- getRequestControl(PersistentSearchControl.DECODER);
+ if (de.getResultCode() == ResultCode.ASSERTION_FAILED)
+ {
+ throw de;
+ }
- persistentSearch = new PersistentSearch(this,
- ctrl.getChangeTypes(), ctrl.getChangesOnly(), ctrl.getReturnECs());
- }
- else if (OID_LDAP_SUBENTRIES.equals(oid))
- {
- SubentriesControl subentriesControl =
- getRequestControl(SubentriesControl.DECODER);
- setReturnSubentriesOnly(subentriesControl.getVisibility());
- }
- else if (OID_LDUP_SUBENTRIES.equals(oid))
- {
- // Support for legacy draft-ietf-ldup-subentry.
- addAdditionalLogItem(AdditionalLogItem.keyOnly(getClass(),
- "obsoleteSubentryControl"));
+ logger.traceException(de);
- setReturnSubentriesOnly(true);
+ throw new DirectoryException(de.getResultCode(),
+ ERR_SEARCH_CANNOT_PROCESS_ASSERTION_FILTER.get(de.getMessageObject()), de);
}
- else if (OID_MATCHED_VALUES.equals(oid))
- {
- MatchedValuesControl matchedValuesControl =
- getRequestControl(MatchedValuesControl.DECODER);
- setMatchedValuesControl(matchedValuesControl);
- }
- else if (OID_ACCOUNT_USABLE_CONTROL.equals(oid))
- {
- setIncludeUsableControl(true);
- }
- else if (OID_REAL_ATTRS_ONLY.equals(oid))
- {
- setRealAttributesOnly(true);
- }
- else if (OID_VIRTUAL_ATTRS_ONLY.equals(oid))
- {
- setVirtualAttributesOnly(true);
- }
- else if (OID_GET_EFFECTIVE_RIGHTS.equals(oid) &&
- DirectoryServer.isSupportedControl(OID_GET_EFFECTIVE_RIGHTS))
- {
- // Do nothing here and let AciHandler deal with it.
- }
+ }
+ else if (LocalBackendWorkflowElement.isProxyAuthzControl(oid))
+ {
+ continue;
+ }
+ else if (OID_PERSISTENT_SEARCH.equals(oid))
+ {
+ final PersistentSearchControl ctl = getRequestControl(PersistentSearchControl.DECODER);
+ persistentSearch = new PersistentSearch(this, ctl.getChangeTypes(), ctl.getChangesOnly(), ctl.getReturnECs());
+ }
+ else if (OID_LDAP_SUBENTRIES.equals(oid))
+ {
+ SubentriesControl subentriesControl = getRequestControl(SubentriesControl.DECODER);
+ setReturnSubentriesOnly(subentriesControl.getVisibility());
+ }
+ else if (OID_LDUP_SUBENTRIES.equals(oid))
+ {
+ // Support for legacy draft-ietf-ldup-subentry.
+ addAdditionalLogItem(AdditionalLogItem.keyOnly(getClass(), "obsoleteSubentryControl"));
- // NYI -- Add support for additional controls.
- else if (c.isCritical() && !backendSupportsControl(oid))
- {
- throw new DirectoryException(
- ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
- ERR_SEARCH_UNSUPPORTED_CRITICAL_CONTROL.get(oid));
- }
+ setReturnSubentriesOnly(true);
+ }
+ else if (OID_MATCHED_VALUES.equals(oid))
+ {
+ setMatchedValuesControl(getRequestControl(MatchedValuesControl.DECODER));
+ }
+ else if (OID_ACCOUNT_USABLE_CONTROL.equals(oid))
+ {
+ setIncludeUsableControl(true);
+ }
+ else if (OID_REAL_ATTRS_ONLY.equals(oid))
+ {
+ setRealAttributesOnly(true);
+ }
+ else if (OID_VIRTUAL_ATTRS_ONLY.equals(oid))
+ {
+ setVirtualAttributesOnly(true);
+ }
+ else if (OID_GET_EFFECTIVE_RIGHTS.equals(oid) && DirectoryServer.isSupportedControl(OID_GET_EFFECTIVE_RIGHTS))
+ {
+ // Do nothing here and let AciHandler deal with it.
+ }
+ else if (c.isCritical() && !backendSupportsControl(oid))
+ {
+ throw new DirectoryException(ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
+ ERR_SEARCH_UNSUPPORTED_CRITICAL_CONTROL.get(oid));
}
}
}
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.java b/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.java
index f90ec10..b7eb86e 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.java
@@ -315,30 +315,25 @@
*/
static void removeAllDisallowedControls(DN targetDN, Operation operation) throws DirectoryException
{
- List<Control> requestControls = operation.getRequestControls();
- if (requestControls != null && !requestControls.isEmpty())
+ for (Iterator<Control> iter = operation.getRequestControls().iterator(); iter.hasNext();)
{
- for (Iterator<Control> iter = requestControls.iterator(); iter.hasNext();)
+ final Control control = iter.next();
+ if (isProxyAuthzControl(control.getOID()))
{
- final Control control = iter.next();
- if (isProxyAuthzControl(control.getOID()))
+ continue;
+ }
+
+ if (!getAccessControlHandler().isAllowed(targetDN, operation, control))
+ {
+ // As per RFC 4511 4.1.11.
+ if (control.isCritical())
{
- continue;
+ throw new DirectoryException(ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
+ ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(control.getOID()));
}
- if (!getAccessControlHandler().isAllowed(targetDN, operation, control))
- {
- // As per RFC 4511 4.1.11.
- if (control.isCritical())
- {
- throw new DirectoryException(
- ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
- ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(control.getOID()));
- }
-
- // We do not want the backend to process this non-critical control, so remove it.
- iter.remove();
- }
+ // We do not want the backend to process this non-critical control, so remove it.
+ iter.remove();
}
}
}
@@ -354,28 +349,23 @@
*/
static void evaluateProxyAuthControls(Operation operation) throws DirectoryException
{
- final List<Control> requestControls = operation.getRequestControls();
- if (requestControls != null && !requestControls.isEmpty())
+ for (Control control : operation.getRequestControls())
{
- for (Control control : requestControls)
+ final String oid = control.getOID();
+ if (isProxyAuthzControl(oid))
{
- final String oid = control.getOID();
- if (isProxyAuthzControl(oid))
+ DN authDN = operation.getClientConnection().getAuthenticationInfo().getAuthenticationDN();
+ if (getAccessControlHandler().isAllowed(authDN, operation, control))
{
- if (getAccessControlHandler().isAllowed(operation.getClientConnection()
- .getAuthenticationInfo().getAuthenticationDN(), operation, control))
+ processProxyAuthControls(operation, oid);
+ }
+ else
+ {
+ // As per RFC 4511 4.1.11.
+ if (control.isCritical())
{
- processProxyAuthControls(operation, oid);
- }
- else
- {
- // As per RFC 4511 4.1.11.
- if (control.isCritical())
- {
- throw new DirectoryException(
- ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
- ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(control.getOID()));
- }
+ throw new DirectoryException(ResultCode.UNAVAILABLE_CRITICAL_EXTENSION,
+ ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(control.getOID()));
}
}
}
--
Gitblit v1.10.0