Package org.apache.ldap.server.invocation

Examples of org.apache.ldap.server.invocation.Invocation

486
487
488
489
490
491
492
493
494
495
496
    public void modifyRn( Name name, String newRn, boolean deleteOldRn, Collection bypass ) throws NamingException
    {
        ensureStarted();
        InvocationStack stack = InvocationStack.getInstance();
        Object[] args = new Object[] { name, newRn, deleteOldRn? Boolean.TRUE : Boolean.FALSE };
        stack.push( new Invocation( this, caller, "modifyRn", args, bypass ) );
        try
        {
            this.configuration.getInterceptorChain().modifyRn( name, newRn, deleteOldRn );
        }
        finally
View Full Code Here
508
509
510
511
512
513
514
515
516
517
518
    public void move( Name oriChildName, Name newParentName, Collection bypass ) throws NamingException
    {
        ensureStarted();
        InvocationStack stack = InvocationStack.getInstance();
        stack.push( new Invocation( this, caller, "move", new Object[] { oriChildName, newParentName }, bypass ) );
        try
        {
            this.configuration.getInterceptorChain().move( oriChildName, newParentName );
        }
        finally
View Full Code Here
532
533
534
535
536
537
538
539
540
541
542
            throws NamingException
    {
        ensureStarted();
        InvocationStack stack = InvocationStack.getInstance();
        Object[] args = new Object[] { oriChildName, newParentName, newRn, deleteOldRn? Boolean.TRUE : Boolean.FALSE };
        stack.push( new Invocation( this, caller, "move", args, bypass ) );
        try
        {
            this.configuration.getInterceptorChain().move( oriChildName, newParentName, newRn, deleteOldRn );
        }
        finally
View Full Code Here
554
555
556
557
558
559
560
561
562
563
564
    public Attributes getRootDSE( Collection bypass ) throws NamingException
    {
        ensureStarted();
        InvocationStack stack = InvocationStack.getInstance();
        stack.push( new Invocation( this, caller, "getRootDSE", null, bypass ) );
        try
        {
            return this.configuration.getInterceptorChain().getRootDSE();
        }
        finally
View Full Code Here
576
577
578
579
580
581
582
583
584
585
586
    public void addContextPartition( DirectoryPartitionConfiguration config, Collection bypass ) throws NamingException
    {
        ensureStarted();
        InvocationStack stack = InvocationStack.getInstance();
        stack.push( new Invocation( this, caller, "addContextPartition", new Object[] { config }, bypass ) );
        try
        {
            this.configuration.getInterceptorChain().addContextPartition( config );
        }
        finally
View Full Code Here
598
599
600
601
602
603
604
605
606
607
608
    public void removeContextPartition( Name suffix, Collection bypass ) throws NamingException
    {
        ensureStarted();
        InvocationStack stack = InvocationStack.getInstance();
        stack.push( new Invocation( this, caller, "removeContextPartition", new Object[] { suffix }, bypass ) );
        try
        {
            this.configuration.getInterceptorChain().removeContextPartition( suffix );
        }
        finally
View Full Code Here
110
111
112
113
114
115
116
117
118
119
120
121
        }

        // ---- lookup the principal entry's userPassword attribute

        LdapName principalDn = new LdapName( principal );
        Invocation invocation = InvocationStack.getInstance().peek();
        DirectoryPartitionNexusProxy proxy = invocation.getProxy();
        Attributes userEntry;

        try
        {
            userEntry = proxy.lookup( principalDn, new String[] {"userPassword"}, USERLOOKUP_BYPASS );
View Full Code Here
263
264
265
266
267
268
269
270

    public NamingEnumeration list( NextInterceptor nextInterceptor, Name base ) throws NamingException
    {
        NamingEnumeration e = nextInterceptor.list( base );
        Invocation invocation = InvocationStack.getInstance().peek();
        return new SearchResultFilteringEnumeration( e, new SearchControls(), invocation, SEARCH_FILTER );
    }
View Full Code Here
273
274
275
276
277
278
279
280
    public NamingEnumeration search( NextInterceptor nextInterceptor,
            Name base, Map env, ExprNode filter,
            SearchControls searchCtls ) throws NamingException
    {
        NamingEnumeration e = nextInterceptor.search( base, env, filter, searchCtls );
        Invocation invocation = InvocationStack.getInstance().peek();
        return new SearchResultFilteringEnumeration( e, searchCtls, invocation, SEARCH_FILTER );
    }
View Full Code Here
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
     */

    public void add( NextInterceptor next, String upName, Name normName, Attributes entry ) throws NamingException
    {
        // Access the principal requesting the operation, and bypass checks if it is the admin
        Invocation invocation = InvocationStack.getInstance().peek();
        LdapPrincipal user = ( ( ServerContext ) invocation.getCaller() ).getPrincipal();

        // bypass authz code if we are disabled
        if ( ! enabled )
        {
            next.add( upName, normName, entry );
            return;
        }

        // bypass authz code but manage caches if operation is performed by the admin
        if ( user.getName().equalsIgnoreCase( DirectoryPartitionNexus.ADMIN_PRINCIPAL ) )
        {
            next.add( upName, normName, entry );
            tupleCache.subentryAdded( upName, normName, entry );
            groupCache.groupAdded( upName, normName, entry );
            return;
        }

        // perform checks below here for all non-admin users
        SubentryService subentryService = ( SubentryService ) chain.get( "subentryService" );
        Attributes subentryAttrs = subentryService.getSubentryAttributes( normName, entry );
        NamingEnumeration attrList = entry.getAll();
        while( attrList.hasMore() )
        {
            subentryAttrs.put( ( Attribute ) attrList.next() );
        }

        // Assemble all the information required to make an access control decision
        Set userGroups = groupCache.getGroups( user.getName() );
        Collection tuples = new HashSet();

        // Build the total collection of tuples to be considered for add rights
        // NOTE: entryACI are NOT considered in adds (it would be a security breech)
        addPerscriptiveAciTuples( invocation.getProxy(), tuples, normName, subentryAttrs );
        addSubentryAciTuples( invocation.getProxy(), tuples, normName, subentryAttrs );

        // check if entry scope permission is granted
        DirectoryPartitionNexusProxy proxy = invocation.getProxy();
        engine.checkPermission( proxy, userGroups, user.getJndiName(), user.getAuthenticationLevel(),
                normName, null, null, ADD_PERMS, tuples, subentryAttrs );

        // now we must check if attribute type and value scope permission is granted
        NamingEnumeration attributeList = entry.getAll();
View Full Code Here
TOP

Related Classes of org.apache.ldap.server.invocation.Invocation

  • org.apache.ldap.server.authn.SimpleAuthenticator
  • org.apache.ldap.server.authz.AuthorizationService
  • org.apache.ldap.server.authz.OldAuthorizationService
  • org.apache.ldap.server.collective.CollectiveAttributeService
  • org.apache.ldap.server.event.EventService
  • org.apache.ldap.server.exception.ExceptionService
  • org.apache.ldap.server.interceptor.InterceptorChain
  • org.apache.ldap.server.interceptor.InterceptorChain$Entry
  • org.apache.ldap.server.interceptor.InterceptorChainTest
  • org.apache.ldap.server.jndi.ContextPartitionNexusProxy
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.