Author: akarasulu
Date: Mon Nov 1 14:13:24 2004
New Revision: 56286
Modified:
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/EveExceptionService.java
incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SimpleAuthenticationTest.java
Log:
Changes ...
o adding authorization rules caused an authentication test using the
anonymous user to fail when it tried to access admin user information;
we corrected this by catching the right exception
o also found that we were throwing InterceptorException when failures
occurred in the after pipeline. We are now catching these and
throwing the appropriate Eve based naming exception
o cleaned up exception messages to quote the principal DN, to improve
readability when it is the empty string (the anonymous user)
Modified:
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java
==============================================================================
---
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java
(original)
+++
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/AuthorizationService.java
Mon Nov 1 14:13:24 2004
@@ -224,8 +224,8 @@
if ( dn == ADMIN_DN || dn.equals( ADMIN_DN ) )
{
- String msg = "User " + principalDn;
- msg += " does not have permission to move or rename the admin";
+ String msg = "User '" + principalDn;
+ msg += "' does not have permission to move or rename the
admin";
msg += " account. No one not even the admin can move or";
msg += " rename " + dn + "!";
throw new EveNoPermissionException( msg );
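Review bot: Only `principalDn` is quoted in this message, while the target `dn` in `" rename " + dn + "!"` stays bare; the hunk at line 233 has the same split (`" account: " + dn + "."`), whereas the hunk at line 287 quotes both names. Quoting `dn` the same way, e.g. `msg += " rename '" + dn + "'!";`, would keep the denial messages consistent and readable for an empty target name too. Both names are presumably derived from client-supplied input, and the single quotes delimit the values but do not escape them, so wherever these messages are logged or returned to the caller they should be treated as untrusted text. The enclosing method starts and ends outside the hunk.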
@@ -233,8 +233,8 @@
if ( dn.size() > 2 && dn.startsWith( USER_BASE_DN ) && !
principalDn.equals( ADMIN_DN ) )
{
- String msg = "User " + principalDn;
- msg += " does not have permission to move or rename the user";
+ String msg = "User '" + principalDn;
+ msg += "' does not have permission to move or rename the user";
msg += " account: " + dn + ". Only the admin can move or";
msg += " rename user accounts.";
throw new EveNoPermissionException( msg );
@@ -287,15 +287,15 @@
Name principalDn = ( ( EveContext ) ctx ).getPrincipal().getDn();
if ( dn.size() > 2 && dn.startsWith( USER_BASE_DN ) && !
principalDn.equals( ADMIN_DN ) )
{
- String msg = "Access to user account " + dn + " not permitted";
- msg += " for user " + principalDn + ". Only the admin can";
+ String msg = "Access to user account '" + dn + "' not
permitted";
+ msg += " for user '" + principalDn + "'. Only the admin can";
msg += " access user account information";
throw new EveNoPermissionException( msg );
}
else if ( dn.equals( ADMIN_DN ) && ! principalDn.equals( ADMIN_DN
) )
{
- String msg = "Access to admin account " + dn + " not
permitted";
- msg += " for user " + principalDn + ". Only the admin can";
+ String msg = "Access to admin account not permitted for user
'";
+ msg += principalDn + "'. Only the admin can";
msg += " access admin account information";
throw new EveNoPermissionException( msg );
}
Modified:
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/EveExceptionService.java
==============================================================================
---
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/EveExceptionService.java
(original)
+++
incubator/directory/eve/trunk/jndi-provider/src/java/org/apache/eve/jndi/ibs/EveExceptionService.java
Mon Nov 1 14:13:24 2004
@@ -64,9 +64,12 @@
{
if ( invocation.getState() == InvocationStateEnum.FAILUREHANDLING )
{
+ Throwable t = null;
+
if ( invocation.getBeforeFailure() != null )
{
- Throwable t = invocation.getBeforeFailure();
+ t = invocation.getBeforeFailure();
+
if ( t instanceof EveInterceptorException )
{
EveInterceptorException eie = ( EveInterceptorException )
t;
@@ -79,6 +82,25 @@
else if ( eie.getCause() != null && ( eie instanceof
EveException ) )
{
invocation.setBeforeFailure( eie.getCause() );
+ }
+ }
+ }
+ else if ( invocation.getAfterFailure() != null )
+ {
+ t = invocation.getAfterFailure();
+
+ if ( t instanceof EveInterceptorException )
+ {
+ EveInterceptorException eie = ( EveInterceptorException )
t;
+
+ if ( eie.getRootCause() != null && ( eie instanceof
EveException ) )
+ {
+ invocation.setAfterFailure( eie.getRootCause() );
+ }
+
+ else if ( eie.getCause() != null && ( eie instanceof
EveException ) )
+ {
+ invocation.setAfterFailure( eie.getCause() );
}
}
}
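Review bot: The new after-failure branch tests `eie instanceof EveException` on the wrapper itself, so whether the cause is unwrapped depends on the type of EveInterceptorException rather than on what was actually thrown; if the intent is to surface only Eve naming exceptions, the check would read `eie.getRootCause() instanceof EveException`, which also covers the null case. The condition is copied from the before-failure branch, so I cannot tell from the hunk whether it is deliberate. Because the branch is an `else if`, an invocation carrying both a before and an after failure gets only the before failure unwrapped, which deserves a comment if intended. The two branches are otherwise identical and could share one private helper that takes the Throwable and returns the exception to set. The method starts outside the hunk at line 64.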
Modified:
incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SimpleAuthenticationTest.java
==============================================================================
---
incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SimpleAuthenticationTest.java
(original)
+++
incubator/directory/eve/trunk/jndi-provider/src/test/org/apache/eve/jndi/SimpleAuthenticationTest.java
Mon Nov 1 14:13:24 2004
@@ -26,6 +26,8 @@
import javax.naming.ldap.LdapContext;
import org.apache.ldap.common.util.ArrayUtils;
+import org.apache.eve.exception.EveNoPermissionException;
+import org.apache.eve.exception.EveConfigurationException;
/**
@@ -185,7 +187,10 @@
setSysRoot( env );
fail( "should not get here due to exception" );
}
- catch( ConfigurationException e )
+ catch( EveConfigurationException e )
+ {
+ }
+ catch( EveNoPermissionException e )
{
}
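Review bot: The two empty catch blocks accept either EveConfigurationException or EveNoPermissionException, so the test passes whichever one is thrown and no longer pins why the call failed; the same pair is repeated in the hunk at line 205, where the fail() message says the expected cause is the anonymous user being denied read access to the admin entry. For an access-control test I would catch only the exception the scenario is meant to raise, in the 205 hunk presumably `catch( EveNoPermissionException e )` alone, so that a configuration error cannot pass as a denial. At minimum each empty block should carry a comment such as `// expected: anonymous user may not read the admin entry`. The test methods start and end outside these hunks.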
@@ -200,13 +205,19 @@
env.put( Context.INITIAL_CONTEXT_FACTORY,
"org.apache.eve.jndi.EveContextFactory" );
InitialContext initial = new InitialContext( env );
- ctx = ( EveLdapContext ) initial.lookup( "uid=admin" );
- assertNotNull( ctx );
- Attributes attributes = ctx.getAttributes( "" );
- assertNotNull( attributes );
- performAdminAccountChecks( attributes );
- assertTrue( attributes.get( "userPassword" ).contains(
ArrayUtils.EMPTY_BYTE_ARRAY ) );
+ try
+ {
+ ctx = ( EveLdapContext ) initial.lookup( "uid=admin" );
+ fail( "should not get here due to exception cuz anonymous user is "
+ + "not allowed read access to the admin account entry" );
+ }
+ catch( EveConfigurationException e )
+ {
+ }
+ catch( EveNoPermissionException e )
+ {
+ }
}