Package org.apache.directory.server.core

Examples of org.apache.directory.server.core.LdapPrincipal


        }

        // ---- Credentials presented by the client, read from the operation context
        byte[] credentials = opContext.getCredentials();

        // Resolve the principal that carries the stored password (per the original
        // comment: either from cache or from the backend).
        // NOTE(review): no null check on the returned principal is visible in this
        // excerpt; confirm getStoredPassword() cannot return null for an unknown user,
        // otherwise the next statement throws instead of failing the authentication.
        LdapPrincipal principal = getStoredPassword( opContext );

        // The password value as stored for this principal
        byte[] storedPassword = principal.getUserPassword();

        // Short circuit for PLAIN TEXT passwords : we compare the byte array directly
        // Are the passwords equal ?
        // NOTE(review): Arrays.equals() returns at the first differing byte, so the
        // comparison time depends on how much of the presented value matches. A
        // constant-time comparison such as java.security.MessageDigest.isEqual()
        // removes that timing signal.
        // NOTE(review): this is a byte-for-byte match against whatever is stored.
        // Confirm that a stored hashed representation cannot itself be accepted as
        // the credential, and prefer salted, slow password hashes over clear text
        // as the stored form.
        if ( Arrays.equals( credentials, storedPassword ) )
        {


         * First call hasPermission() for entry level "Browse" and "ReturnDN" perm
         * tests.  If hasPermission() returns false we immediately short-circuit the
         * process and return false.
         */
       
        // Authorization is evaluated for the session's effective principal.
        LdapPrincipal principal = opContext.getSession().getEffectivePrincipal();
        DN userDn = principal.getClonedName();
        // Group memberships are looked up by the normalized form of the user's DN.
        Set<DN> userGroups = groupCache.getGroups( userDn.toNormName() );
        // Collect the ACI tuples that will be evaluated for this entry. The three
        // helpers are presumably the prescriptive, entry and subentry ACI sources
        // (inferred from their names; their bodies are not shown here). All of them
        // read the original entry rather than the clone that gets filtered below.
        Collection<ACITuple> tuples = new HashSet<ACITuple>();
        addPerscriptiveAciTuples( opContext, tuples, normName, clonedEntry.getOriginalEntry() );
        addEntryAciTuples( tuples, clonedEntry.getOriginalEntry() );
        addSubentryAciTuples( opContext, tuples, normName, clonedEntry.getOriginalEntry() );

        // Entry-level gate: the decision also takes the principal's authentication
        // level into account. A denial returns false here, before any attribute or
        // value of the entry is examined.
        if ( !engine.hasPermission(
                        schemaManager,
                        opContext,
                        userGroups,
                        userDn,
                        principal.getAuthenticationLevel(),
                        normName,
                        null, // no attribute id at entry level (the attribute-level calls pass one here)
                        null, // no attribute value at entry level (the value-level call passes one here)
                        SEARCH_ENTRY_PERMS,
                        tuples,
                        clonedEntry.getOriginalEntry(),
                        null ) )
        {
            return false;
        }

        /*
         * For each attribute type we check if access is allowed to the type.  If not
         * the attribute is yanked out of the entry to be returned.  If permission is
         * allowed we move on to check if the values are allowed.  Values that are
         * not allowed are removed from the attribute.  If the attribute has no more
         * values remaining then the entire attribute is removed.
         */
        List<AttributeType> attributeToRemove = new ArrayList<AttributeType>();
       
        for ( AttributeType attributeType:clonedEntry.getAttributeTypes() )
        {
            // if attribute type scope access is not allowed then remove the attribute and continue
            String id = attributeType.getName();
            EntryAttribute attr = clonedEntry.get( attributeType );
       
            if ( !engine.hasPermission(
                        schemaManager,
                        opContext,
                        userGroups,
                        userDn,
                        principal.getAuthenticationLevel(),
                        normName,
                        id,
                        null,
                        SEARCH_ATTRVAL_PERMS,
                        tuples,
                        clonedEntry,
                        null ) )
            {
                attributeToRemove.add( attributeType );
               
                continue;
            }

            List<Value<?>> valueToRemove = new ArrayList<Value<?>>();
           
            // attribute type scope is ok now let's determine value level scope
            for ( Value<?> value:attr )
            {
                if ( !engine.hasPermission(
                        schemaManager,
                        opContext,
                        userGroups,
                        userDn,
                        principal.getAuthenticationLevel(),
                        normName,
                        attr.getUpId(),
                        value,
                        SEARCH_ATTRVAL_PERMS,
                        tuples,

            // Search the whole subtree below the base DN.
            ctls.setSearchScope( SearchControls.SUBTREE_SCOPE );

            // Build an internal session for the system administrator DN. The principal
            // is constructed directly at AuthenticationLevel.STRONG; no credential check
            // appears in this excerpt, so the search below is issued as the administrator
            // rather than as any requesting user.
            // NOTE(review): confirm that baseDn and filter are not caller-controlled and
            // that the results are not returned to a less-privileged caller without an
            // access-control check of their own.
            DN adminDn = new DN( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
            adminDn.normalize( directoryService.getSchemaManager().getNormalizerMapping() );
            CoreSession adminSession = new DefaultCoreSession(
                new LdapPrincipal( adminDn, AuthenticationLevel.STRONG ), directoryService );

            SearchOperationContext searchOperationContext = new SearchOperationContext( adminSession, baseDn,
                filter, ctls );
            // Aliases are always dereferenced for this search, still under the admin session.
            searchOperationContext.setAliasDerefMode( AliasDerefMode.DEREF_ALWAYS );
           

            // Normalize the suffix DN with the schema's normalizer mapping before it is used as the search base.
            suffixDn.normalize( schemaManager.getNormalizerMapping() );

            // Internal session bound to the system administrator DN. The principal is
            // constructed directly at AuthenticationLevel.STRONG; no credential check
            // appears in this excerpt, so the search runs with the administrator's identity.
            // NOTE(review): confirm that suffixDn and filter come from trusted configuration
            // and that the results stay inside server-internal code paths.
            DN adminDn = new DN( ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
            adminDn.normalize( schemaManager.getNormalizerMapping() );
            CoreSession adminSession = new DefaultCoreSession(
                new LdapPrincipal( adminDn, AuthenticationLevel.STRONG ), directoryService );

            SearchOperationContext searchOperationContext = new SearchOperationContext( adminSession, suffixDn,
                filter, controls );
            // Aliases are never dereferenced for this search.
            searchOperationContext.setAliasDerefMode( AliasDerefMode.NEVER_DEREF_ALIASES );
           

    public void testNoBypass() throws Exception
    {
        DN dn = new DN( "ou=system" );
        DirectoryService ds = new MockDirectoryService();
        DefaultCoreSession session = new DefaultCoreSession(
            new LdapPrincipal( new DN(), AuthenticationLevel.STRONG ), ds );
        LookupOperationContext opContext = new LookupOperationContext( session, dn );
        InvocationStack.getInstance().push( opContext );

        try
        {

    public void testSingleBypass() throws Exception
    {
        DN dn = new DN( "ou=system" );
        DirectoryService ds = new MockDirectoryService();
        DefaultCoreSession session = new DefaultCoreSession(
            new LdapPrincipal( new DN(), AuthenticationLevel.STRONG ), ds );
        LookupOperationContext opContext = new LookupOperationContext( session, dn );
        opContext.setByPassed( Collections.singleton( "0" ) );
        InvocationStack.getInstance().push( opContext );

        try

    public void testAdjacentDoubleBypass() throws Exception
    {
        DN dn = new DN( "ou=system" );
        DirectoryService ds = new MockDirectoryService();
        DefaultCoreSession session = new DefaultCoreSession(
            new LdapPrincipal( new DN(), AuthenticationLevel.STRONG ), ds );
        LookupOperationContext opContext = new LookupOperationContext( session, dn );
        Set<String> bypass = new HashSet<String>();
        bypass.add( "0" );
        bypass.add( "1" );
        opContext.setByPassed( bypass );

    public void testFrontAndBackDoubleBypass() throws Exception
    {
        DN dn = new DN( "ou=system" );
        DirectoryService ds = new MockDirectoryService();
        DefaultCoreSession session = new DefaultCoreSession(
            new LdapPrincipal( new DN(), AuthenticationLevel.STRONG ), ds );
        LookupOperationContext opContext = new LookupOperationContext( session, dn );
        Set<String> bypass = new HashSet<String>();
        bypass.add( "0" );
        bypass.add( "4" );
        opContext.setByPassed( bypass );

    public void testDoubleBypass() throws Exception
    {
        DN dn = new DN( "ou=system" );
        DirectoryService ds = new MockDirectoryService();
        DefaultCoreSession session = new DefaultCoreSession(
            new LdapPrincipal( new DN(), AuthenticationLevel.STRONG ), ds );
        LookupOperationContext opContext = new LookupOperationContext( session, dn );
        Set<String> bypass = new HashSet<String>();
        bypass.add( "1" );
        bypass.add( "3" );
        opContext.setByPassed( bypass );

    public void testCompleteBypass() throws Exception
    {
        DN dn = new DN( "ou=system" );
        DirectoryService ds = new MockDirectoryService();
        DefaultCoreSession session = new DefaultCoreSession(
            new LdapPrincipal( new DN(), AuthenticationLevel.STRONG ), ds );
        LookupOperationContext opContext = new LookupOperationContext( session, dn );
        opContext.setByPassed( ByPassConstants.BYPASS_ALL_COLLECTION );
        InvocationStack.getInstance().push( opContext );

        try
