Package org.apache.directory.server.core.entry

Examples of org.apache.directory.server.core.entry.ClonedServerEntry


    private Object executeProcedure( OperationContext opContext, String procedure, Object[] values ) throws Exception
    {
       
        try
        {
            ClonedServerEntry spUnit = manager.findStoredProcUnit( opContext.getSession(), procedure );
            StoredProcEngine engine = manager.getStoredProcEngineInstance( spUnit );
            return engine.invokeProcedure( opContext.getSession(), procedure, values );
        }
        catch ( Exception e )
        {
View Full Code Here


   
    public ClonedServerEntry lookup( NextInterceptor nextInterceptor, LookupOperationContext opContext )
        throws Exception
    {
        ClonedServerEntry result = nextInterceptor.lookup( opContext );
       
        if ( result == null )
        {
            return null;
        }
View Full Code Here

            ksFile.delete();
        }
       
        ksFile = File.createTempFile( "testStore", "ks" );
        CoreSession session = ldapServer.getDirectoryService().getAdminSession();
        ClonedServerEntry entry = session.lookup( new DN( "uid=admin,ou=system" ), CERT_IDS );
        byte[] userCertificate = entry.get( CERT_IDS[0] ).getBytes();
        assertNotNull( userCertificate );

        ByteArrayInputStream in = new ByteArrayInputStream( userCertificate );
        CertificateFactory factory = CertificateFactory.getInstance( "X.509" );
        Certificate cert = factory.generateCertificate( in );
View Full Code Here

            ksFile.delete();
        }
       
        ksFile = File.createTempFile( "testStore", "ks" );
        CoreSession session = ldapServer.getDirectoryService().getAdminSession();
        ClonedServerEntry entry = session.lookup( new DN( "uid=admin,ou=system" ), CERT_IDS );
        byte[] userCertificate = entry.get( CERT_IDS[0] ).getBytes();
        assertNotNull( userCertificate );

        ByteArrayInputStream in = new ByteArrayInputStream( userCertificate );
        CertificateFactory factory = CertificateFactory.getInstance( "X.509" );
        Certificate cert = factory.generateCertificate( in );
View Full Code Here

        {
            next.delete( deleteContext );
            return;
        }

        ClonedServerEntry entry = deleteContext.lookup( name, ByPassConstants.LOOKUP_BYPASS );

        protectCriticalEntries( name );

        // bypass authz code but manage caches if operation is performed by the admin
        if ( isPrincipalAnAdministrator( principalDn ) )
        {
            next.delete( deleteContext );
            tupleCache.subentryDeleted( name, entry );
            groupCache.groupDeleted( name, entry );
            return;
        }

        Set<DN> userGroups = groupCache.getGroups( principalDn.getNormName() );
        Collection<ACITuple> tuples = new HashSet<ACITuple>();
        addPerscriptiveAciTuples( deleteContext, tuples, name, entry.getOriginalEntry() );
        addEntryAciTuples( tuples, entry );
        addSubentryAciTuples( deleteContext, tuples, name, entry );

        engine.checkPermission( schemaManager, deleteContext, userGroups, principalDn,
            principal.getAuthenticationLevel(), name, null, null, REMOVE_PERMS, tuples, entry, null );
View Full Code Here

    public void modify( NextInterceptor next, ModifyOperationContext opContext ) throws Exception
    {
        DN name = opContext.getDn();

        // Access the principal requesting the operation, and bypass checks if it is the admin
        ClonedServerEntry entry = opContext.lookup( name, ByPassConstants.LOOKUP_BYPASS );
       
        LdapPrincipal principal = opContext.getSession().getEffectivePrincipal();
        DN principalDn = principal.getClonedName();

        // bypass authz code if we are disabled
        if ( !opContext.getSession().getDirectoryService().isAccessControlEnabled() )
        {
            next.modify( opContext );
            return;
        }

        List<Modification> mods = opContext.getModItems();

        // bypass authz code but manage caches if operation is performed by the admin
        if ( isPrincipalAnAdministrator( principalDn ) )
        {
            next.modify( opContext );
            /**
             * @TODO: A virtual entry can be created here for not hitting the backend again.
             */
            ServerEntry modifiedEntry = opContext.lookup( name, ByPassConstants.LOOKUP_BYPASS );
            tupleCache.subentryModified( name, mods, modifiedEntry );
            groupCache.groupModified( name, mods, entry, schemaManager );
            return;
        }

        Set<DN> userGroups = groupCache.getGroups( principalDn.getNormName() );
        Collection<ACITuple> tuples = new HashSet<ACITuple>();
        addPerscriptiveAciTuples( opContext, tuples, name, entry.getOriginalEntry() );
        addEntryAciTuples( tuples, entry );
        addSubentryAciTuples( opContext, tuples, name, entry );

        engine.checkPermission( schemaManager, opContext, userGroups, principalDn,
            principal.getAuthenticationLevel(), name, null, null,
            Collections.singleton( MicroOperation.MODIFY ), tuples, entry, null );

        Collection<MicroOperation> perms = null;
        ServerEntry entryView = ( ServerEntry ) entry.clone();
       
        for ( Modification mod : mods )
        {
            ServerAttribute attr = (ServerAttribute)mod.getAttribute();

            switch ( mod.getOperation() )
            {
                case ADD_ATTRIBUTE :
                    perms = ADD_PERMS;
               
                    // If the attribute is being created with an initial value ...
                    if ( entry.get( attr.getId() ) == null )
                    {
                        // ... we also need to check if adding the attribute is permitted
                        engine.checkPermission( schemaManager, opContext, userGroups, principalDn, principal.getAuthenticationLevel(), name,
                                attr.getId(), null, perms, tuples, entry, null );
                    }
                   
                    break;

                case REMOVE_ATTRIBUTE :
                    perms = REMOVE_PERMS;
                    EntryAttribute entryAttr = entry.get( attr.getId() );

                    if ( entryAttr != null )
                    {
                        // If there is only one value remaining in the attribute ...
                        if ( entryAttr.size() == 1 )
View Full Code Here

        if ( isPrincipalAnAdministrator( principalDn ) )
        {
            return answer;
        }

        ClonedServerEntry entry = entryContext.lookup( name, ByPassConstants.HAS_ENTRY_BYPASS );
        Set<DN> userGroups = groupCache.getGroups( principalDn.toNormName() );
        Collection<ACITuple> tuples = new HashSet<ACITuple>();
        addPerscriptiveAciTuples( entryContext, tuples, name, entry.getOriginalEntry() );
        addEntryAciTuples( tuples, entry.getOriginalEntry() );
        addSubentryAciTuples( entryContext, tuples, name, entry.getOriginalEntry() );

        // check that we have browse access to the entry
        engine.checkPermission( schemaManager, entryContext, userGroups, principalDn,
            principal.getAuthenticationLevel(), name, null, null,
            BROWSE_PERMS, tuples, entry.getOriginalEntry(), null );

        return next.hasEntry( entryContext );
    }
View Full Code Here

     * @param entry the entry being added
     */
    public AddOperationContext( CoreSession session, ServerEntry entry )
    {
        super( session, entry.getDn() );
        this.entry = new ClonedServerEntry( entry );
    }
View Full Code Here

        throws Exception
    {
        DN oriChildName = moveAndRenameContext.getDn();
        DN newParentName = moveAndRenameContext.getParent();

        ClonedServerEntry entry = moveAndRenameContext.lookup( oriChildName, ByPassConstants.LOOKUP_BYPASS );
       
        LdapPrincipal principal = moveAndRenameContext.getSession().getEffectivePrincipal();
        DN principalDn = principal.getClonedName();
        DN newName = ( DN ) newParentName.clone();
        newName.add( moveAndRenameContext.getNewRdn().getUpName() );

        // bypass authz code if we are disabled
        if ( !moveAndRenameContext.getSession().getDirectoryService().isAccessControlEnabled() )
        {
            next.moveAndRename( moveAndRenameContext );
            return;
        }

        protectCriticalEntries( oriChildName );

        // bypass authz code but manage caches if operation is performed by the admin
        if ( isPrincipalAnAdministrator( principalDn ) )
        {
            next.moveAndRename( moveAndRenameContext );
            tupleCache.subentryRenamed( oriChildName, newName );
            groupCache.groupRenamed( oriChildName, newName );
            return;
        }

        Set<DN> userGroups = groupCache.getGroups( principalDn.getNormName() );
        Collection<ACITuple> tuples = new HashSet<ACITuple>();
        addPerscriptiveAciTuples( moveAndRenameContext, tuples, oriChildName, entry.getOriginalEntry() );
        addEntryAciTuples( tuples, entry );
        addSubentryAciTuples( moveAndRenameContext, tuples, oriChildName, entry );

        engine.checkPermission( schemaManager, moveAndRenameContext, userGroups,
            principalDn, principal.getAuthenticationLevel(), oriChildName, null,
            null, MOVERENAME_PERMS, tuples, entry, null );

        // Get the entry again without operational attributes
        // because access control subentry operational attributes
        // will not be valid at the new location.
        // This will certainly be fixed by the SubentryInterceptor,
        // but after this service.
       
        ClonedServerEntry importedEntry = moveAndRenameContext.lookup( oriChildName,
            ByPassConstants.LOOKUP_EXCLUDING_OPR_ATTRS_BYPASS );
       
        // As the target entry does not exist yet and so
        // its subentry operational attributes are not there,
        // we need to construct an entry to represent it
View Full Code Here

     * @param entry the entry being added
     */
    public AddOperationContext( CoreSession session, DN dn, ServerEntry entry )
    {
        super( session, dn );
        this.entry = new ClonedServerEntry( entry );
    }
View Full Code Here

TOP

Related Classes of org.apache.directory.server.core.entry.ClonedServerEntry

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.