http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.jsp ---------------------------------------------------------------------- diff --git a/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.jsp b/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.jsp index 7af5fdc..e3a0673 100644 --- a/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.jsp +++ b/gateway-applications/src/main/resources/applications/knoxauth/app/redirecting.jsp @@ -14,9 +14,9 @@ --> <%@ page import="java.util.Collection" %> <%@ page import="java.util.Map" %> -<%@ page import="org.apache.hadoop.gateway.topology.Topology" %> -<%@ page import="org.apache.hadoop.gateway.topology.Service" %> -<%@ page import="org.apache.hadoop.gateway.util.RegExUtils" %> +<%@ page import="org.apache.knox.gateway.topology.Topology" %> +<%@ page import="org.apache.knox.gateway.topology.Service" %> +<%@ page import="org.apache.knox.gateway.util.RegExUtils" %> <!DOCTYPE html> <!--[if lt IE 7]><html class="no-js lt-ie9 lt-ie8 lt-ie7"><![endif]-->
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-demo-ldap-launcher/pom.xml ---------------------------------------------------------------------- diff --git a/gateway-demo-ldap-launcher/pom.xml b/gateway-demo-ldap-launcher/pom.xml index b5723d3..54aa2b2 100644 --- a/gateway-demo-ldap-launcher/pom.xml +++ b/gateway-demo-ldap-launcher/pom.xml @@ -59,7 +59,7 @@ </descriptorRefs> <archive> <manifest> - <mainClass>org.apache.hadoop.gateway.launcher.Launcher</mainClass> + <mainClass>org.apache.knox.gateway.launcher.Launcher</mainClass> </manifest> </archive> </configuration> http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/BaseDirectoryService.java ---------------------------------------------------------------------- diff --git a/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/BaseDirectoryService.java b/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/BaseDirectoryService.java deleted file mode 100644 index b519f4b..0000000 --- a/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/BaseDirectoryService.java +++ /dev/null @@ -1,2323 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.hadoop.gateway.security.ldap; - - -import org.apache.directory.api.ldap.codec.api.LdapApiService; -import org.apache.directory.api.ldap.codec.api.LdapApiServiceFactory; -import org.apache.directory.api.ldap.model.constants.AuthenticationLevel; -import org.apache.directory.api.ldap.model.constants.SchemaConstants; -import org.apache.directory.api.ldap.model.csn.Csn; -import org.apache.directory.api.ldap.model.csn.CsnFactory; -import org.apache.directory.api.ldap.model.cursor.Cursor; -import org.apache.directory.api.ldap.model.entry.Attribute; -import org.apache.directory.api.ldap.model.entry.DefaultEntry; -import org.apache.directory.api.ldap.model.entry.Entry; -import org.apache.directory.api.ldap.model.entry.Modification; -import org.apache.directory.api.ldap.model.entry.Value; -import org.apache.directory.api.ldap.model.exception.LdapException; -import org.apache.directory.api.ldap.model.exception.LdapNoPermissionException; -import org.apache.directory.api.ldap.model.exception.LdapOperationException; -import org.apache.directory.api.ldap.model.ldif.ChangeType; -import org.apache.directory.api.ldap.model.ldif.LdifEntry; -import org.apache.directory.api.ldap.model.ldif.LdifReader; -import org.apache.directory.api.ldap.model.name.Dn; -import org.apache.directory.api.ldap.model.name.DnUtils; -import org.apache.directory.api.ldap.model.name.Rdn; -import org.apache.directory.api.ldap.model.schema.SchemaManager; -import org.apache.directory.api.ldap.util.tree.DnNode; -import org.apache.directory.api.util.DateUtils; -import org.apache.directory.api.util.Strings; -import org.apache.directory.api.util.exception.NotImplementedException; -import org.apache.directory.server.constants.ServerDNConstants; -import org.apache.directory.server.core.DefaultOperationManager; -import org.apache.directory.server.core.admin.AdministrativePointInterceptor; -import org.apache.directory.server.core.api.*; -import org.apache.directory.server.core.api.administrative.AccessControlAdministrativePoint; -import org.apache.directory.server.core.api.administrative.CollectiveAttributeAdministrativePoint; -import org.apache.directory.server.core.api.administrative.SubschemaAdministrativePoint; -import org.apache.directory.server.core.api.administrative.TriggerExecutionAdministrativePoint; -import org.apache.directory.server.core.api.changelog.ChangeLog; -import org.apache.directory.server.core.api.changelog.ChangeLogEvent; -import org.apache.directory.server.core.api.changelog.Tag; -import org.apache.directory.server.core.api.changelog.TaggableSearchableChangeLogStore; -import org.apache.directory.server.core.api.event.EventService; -import org.apache.directory.server.core.api.interceptor.BaseInterceptor; -import org.apache.directory.server.core.api.interceptor.Interceptor; -import org.apache.directory.server.core.api.interceptor.context.AddOperationContext; -import org.apache.directory.server.core.api.interceptor.context.BindOperationContext; -import org.apache.directory.server.core.api.interceptor.context.HasEntryOperationContext; -import org.apache.directory.server.core.api.interceptor.context.LookupOperationContext; -import org.apache.directory.server.core.api.interceptor.context.OperationContext; -import org.apache.directory.server.core.api.journal.Journal; -import org.apache.directory.server.core.api.partition.Partition; -import org.apache.directory.server.core.api.partition.PartitionNexus; -import org.apache.directory.server.core.api.schema.SchemaPartition; -import org.apache.directory.server.core.api.subtree.SubentryCache; -import org.apache.directory.server.core.api.subtree.SubtreeEvaluator; -import org.apache.directory.server.core.authn.AuthenticationInterceptor; -import org.apache.directory.server.core.authn.ppolicy.PpolicyConfigContainer; -import org.apache.directory.server.core.authz.AciAuthorizationInterceptor; -import org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor; -import org.apache.directory.server.core.changelog.ChangeLogInterceptor; -import org.apache.directory.server.core.changelog.DefaultChangeLog; -import org.apache.directory.server.core.collective.CollectiveAttributeInterceptor; -import org.apache.directory.server.core.event.EventInterceptor; -import org.apache.directory.server.core.exception.ExceptionInterceptor; -import org.apache.directory.server.core.journal.DefaultJournal; -import org.apache.directory.server.core.journal.JournalInterceptor; -import org.apache.directory.server.core.normalization.NormalizationInterceptor; -import org.apache.directory.server.core.operational.OperationalAttributeInterceptor; -import org.apache.directory.server.core.referral.ReferralInterceptor; -import org.apache.directory.server.core.schema.SchemaInterceptor; -import org.apache.directory.server.core.security.TlsKeyGenerator; -import org.apache.directory.server.core.shared.DefaultCoreSession; -import org.apache.directory.server.core.shared.DefaultDnFactory; -import org.apache.directory.server.core.shared.partition.DefaultPartitionNexus; -import org.apache.directory.server.core.subtree.SubentryInterceptor; -import org.apache.directory.server.core.trigger.TriggerInterceptor; -import org.apache.directory.server.i18n.I18n; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import java.io.BufferedReader; -import java.io.File; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.io.RandomAccessFile; -import java.io.StringReader; -import java.lang.reflect.Method; -import java.nio.channels.FileLock; -import java.nio.channels.OverlappingFileLockException; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.UUID; -import java.util.concurrent.ConcurrentHashMap; -import java.util.concurrent.locks.Lock; -import java.util.concurrent.locks.ReadWriteLock; -import java.util.concurrent.locks.ReentrantReadWriteLock; - - -/** - * Base implementation of {@link DirectoryService}. - * This is a copy of org.apache.directory.server.core.DefaultDirectoryService - * created to make showSecurityWarnings protected. This can be removed - * when http://svn.apache.org/r1546144 in ApacheDS 2.0.0-M16 is available. - * - * @author <a href="mailto:d...@directory.apache.org">Apache Directory Project</a> - */ -public class BaseDirectoryService implements DirectoryService -{ - /** The logger */ - private static final Logger LOG = LoggerFactory.getLogger( BaseDirectoryService.class ); - - private SchemaPartition schemaPartition; - - /** A reference on the SchemaManager */ - private SchemaManager schemaManager; - - /** The LDAP Codec Service */ - private LdapApiService ldapCodecService = LdapApiServiceFactory.getSingleton(); - - /** the root nexus */ - private DefaultPartitionNexus partitionNexus; - - /** whether or not server is started for the first time */ - private boolean firstStart; - - /** whether or not this instance has been shutdown */ - private boolean started; - - /** the change log service */ - private ChangeLog changeLog; - - /** the journal service */ - private Journal journal; - - /** - * the interface used to perform various operations on this - * DirectoryService - */ - private OperationManager operationManager = new DefaultOperationManager( this ); - - /** the distinguished name of the administrative user */ - private Dn adminDn; - - /** session used as admin for internal operations */ - private CoreSession adminSession; - - /** The referral manager */ - private ReferralManager referralManager; - - /** A flag to tell if the userPassword attribute's value must be hidden */ - private boolean passwordHidden = false; - - /** The service's CSN factory */ - private CsnFactory csnFactory; - - /** The directory instance replication ID */ - private int replicaId; - - /** remove me after implementation is completed */ - private static final String PARTIAL_IMPL_WARNING = - "WARNING: the changelog is only partially operational and will revert\n" + - "state without consideration of who made the original change. All reverting " + - "changes are made by the admin user.\n Furthermore the used controls are not at " + - "all taken into account"; - - /** The delay to wait between each sync on disk */ - private long syncPeriodMillis; - - /** The default delay to wait between sync on disk : 15 seconds */ - private static final long DEFAULT_SYNC_PERIOD = 15000; - - /** */ - private Thread workerThread; - - /** The default timeLimit : 100 entries */ - public static final int MAX_SIZE_LIMIT_DEFAULT = 100; - - /** The default timeLimit : 10 seconds */ - public static final int MAX_TIME_LIMIT_DEFAULT = 10000; - - /** The instance Id */ - private String instanceId; - - /** The server directory layout*/ - private InstanceLayout instanceLayout; - - /** - * A flag used to shutdown the VM when stopping the server. Useful - * when the server is standalone. If the server is embedded, we don't - * want to shutdown the VM - */ - private boolean exitVmOnShutdown = true; // allow by default - - /** A flag used to indicate that a shutdown hook has been installed */ - private boolean shutdownHookEnabled = true; // allow by default - - /** Manage anonymous access to entries other than the RootDSE */ - private boolean allowAnonymousAccess = false; // forbid by default - - /** Manage the basic access control checks */ - private boolean accessControlEnabled; // off by default - - /** Manage the operational attributes denormalization */ - private boolean denormalizeOpAttrsEnabled; // off by default - - /** The list of declared interceptors */ - private List<Interceptor> interceptors; - private Map<String, Interceptor> interceptorNames; - - /** A lock to protect the interceptors List */ - private ReadWriteLock interceptorsLock = new ReentrantReadWriteLock(); - - /** The read and write locks */ - private Lock readLock = interceptorsLock.readLock(); - private Lock writeLock = interceptorsLock.writeLock(); - - /** A map associating a list of interceptor to each operation */ - private Map<OperationEnum, List<String>> operationInterceptors; - - /** The System partition */ - private Partition systemPartition; - - /** The set of all declared partitions */ - private Set<Partition> partitions = new HashSet<>(); - - /** A list of LDIF entries to inject at startup */ - private List<? extends LdifEntry> testEntries = new ArrayList<LdifEntry>(); // List<Attributes> - - /** The event service */ - private EventService eventService; - - /** The maximum size for an incoming PDU */ - private int maxPDUSize = Integer.MAX_VALUE; - - /** the value of last successful add/update operation's CSN */ - private String contextCsn; - - /** lock file for directory service's working directory */ - private RandomAccessFile lockFile = null; - - private static final String LOCK_FILE_NAME = ".dirservice.lock"; - - /** the ehcache based cache service */ - private CacheService cacheService; - - /** The AccessControl AdministrativePoint cache */ - private DnNode<AccessControlAdministrativePoint> accessControlAPCache; - - /** The CollectiveAttribute AdministrativePoint cache */ - private DnNode<CollectiveAttributeAdministrativePoint> collectiveAttributeAPCache; - - /** The Subschema AdministrativePoint cache */ - private DnNode<SubschemaAdministrativePoint> subschemaAPCache; - - /** The TriggerExecution AdministrativePoint cache */ - private DnNode<TriggerExecutionAdministrativePoint> triggerExecutionAPCache; - - /** The Dn factory */ - private DnFactory dnFactory; - - /** The Subentry cache */ - SubentryCache subentryCache = new SubentryCache(); - - /** The Subtree evaluator instance */ - private SubtreeEvaluator evaluator; - - - // ------------------------------------------------------------------------ - // Constructor - // ------------------------------------------------------------------------ - - /** - * Creates a new instance of the directory service. - */ - public BaseDirectoryService() throws Exception - { - changeLog = new DefaultChangeLog(); - journal = new DefaultJournal(); - syncPeriodMillis = DEFAULT_SYNC_PERIOD; - csnFactory = new CsnFactory( replicaId ); - evaluator = new SubtreeEvaluator( schemaManager ); - setDefaultInterceptorConfigurations(); - } - - - // ------------------------------------------------------------------------ - // C O N F I G U R A T I O N M E T H O D S - // ------------------------------------------------------------------------ - - public void setInstanceId( String instanceId ) - { - this.instanceId = instanceId; - } - - - public String getInstanceId() - { - return instanceId; - } - - - /** - * Gets the {@link Partition}s used by this DirectoryService. - * - * @return the set of partitions used - */ - public Set<? extends Partition> getPartitions() - { - Set<Partition> cloned = new HashSet<>(); - cloned.addAll( partitions ); - return cloned; - } - - - /** - * Sets {@link Partition}s used by this DirectoryService. - * - * @param partitions the partitions to used - */ - public void setPartitions( Set<? extends Partition> partitions ) - { - Set<Partition> cloned = new HashSet<>(); - cloned.addAll( partitions ); - Set<String> names = new HashSet<>(); - - for ( Partition partition : cloned ) - { - String id = partition.getId(); - - if ( names.contains( id ) ) - { - LOG.warn( "Encountered duplicate partition {} identifier.", id ); - } - - names.add( id ); - } - - this.partitions = cloned; - } - - - /** - * Returns <tt>true</tt> if access control checks are enabled. - * - * @return true if access control checks are enabled, false otherwise - */ - public boolean isAccessControlEnabled() - { - return accessControlEnabled; - } - - - /** - * Sets whether to enable basic access control checks or not. - * - * @param accessControlEnabled true to enable access control checks, false otherwise - */ - public void setAccessControlEnabled( boolean accessControlEnabled ) - { - this.accessControlEnabled = accessControlEnabled; - } - - - /** - * Returns <tt>true</tt> if anonymous access is allowed on entries besides the RootDSE. - * If the access control subsystem is enabled then access to some entries may not be - * allowed even when full anonymous access is enabled. - * - * @return true if anonymous access is allowed on entries besides the RootDSE, false - * if anonymous access is allowed to all entries. - */ - public boolean isAllowAnonymousAccess() - { - return allowAnonymousAccess; - } - - - /** - * Sets whether to allow anonymous access to entries other than the RootDSE. If the - * access control subsystem is enabled then access to some entries may not be allowed - * even when full anonymous access is enabled. - * - * @param enableAnonymousAccess true to enable anonymous access, false to disable it - */ - public void setAllowAnonymousAccess( boolean enableAnonymousAccess ) - { - this.allowAnonymousAccess = enableAnonymousAccess; - } - - - /** - * Returns interceptors in the server. - * - * @return the interceptors in the server. - */ - public List<Interceptor> getInterceptors() - { - List<Interceptor> cloned = new ArrayList<Interceptor>(); - - readLock.lock(); - - try - { - cloned.addAll( interceptors ); - - return cloned; - } - finally - { - readLock.unlock(); - } - } - - - /** - * Returns interceptors in the server for a given operation. - * - * @return the interceptors in the server for the given operation. - */ - public List<String> getInterceptors( OperationEnum operation ) - { - List<String> cloned = new ArrayList<String>(); - - readLock.lock(); - - try - { - cloned.addAll( operationInterceptors.get( operation ) ); - - return cloned; - } - finally - { - readLock.unlock(); - } - - } - - - /** - * Compute the list of to call for each operation - */ - private void initOperationsList() - { - writeLock.lock(); - - try - { - operationInterceptors = new ConcurrentHashMap<OperationEnum, List<String>>(); - - for ( OperationEnum operation : OperationEnum.getOperations() ) - { - List<String> operationList = new ArrayList<String>(); - - for ( Interceptor interceptor : interceptors ) - { - gatherInterceptors( interceptor, interceptor.getClass(), operation, operationList ); - } - - operationInterceptors.put( operation, operationList ); - } - } - finally - { - writeLock.unlock(); - } - } - - - /** - * Recursively checks if the given interceptor can be added to the list of interceptors for a given - * operation and adds to the list of interceptors if it implements the respective operation - * - * @param interceptor the instance of the interceptor - * @param interceptorClz the class of the interceptor - * @param operation type of operation - * @param selectedInterceptorList the list of selected interceptors - */ - private void gatherInterceptors( Interceptor interceptor, Class<?> interceptorClz, OperationEnum operation, - List<String> selectedInterceptorList ) - { - // We stop recursing when we reach the Base class - if ( ( interceptorClz == null ) || ( interceptorClz == BaseInterceptor.class ) ) - { - return; - } - - // We don't call getMethods() because it would get back the default methods - // from the BaseInterceptor, something we don't want. - Method[] methods = interceptorClz.getDeclaredMethods(); - - for ( Method method : methods ) - { - Class<?>[] param = method.getParameterTypes(); - boolean hasCorrestSig = false; - - // check for the correct signature - if ( ( param == null ) || ( param.length > 1 ) || ( param.length == 0 ) ) - { - continue; - } - - if ( OperationContext.class.isAssignableFrom( param[0] ) ) - { - hasCorrestSig = true; - } - else - { - continue; - } - - if ( hasCorrestSig && method.getName().equals( operation.getMethodName() ) ) - { - if ( !selectedInterceptorList.contains( interceptor.getName() ) ) - { - selectedInterceptorList.add( interceptor.getName() ); - } - - break; - } - } - - // Recurse on extended classes, as we have used getDeclaredMethods() instead of getmethods() - gatherInterceptors( interceptor, interceptorClz.getSuperclass(), operation, selectedInterceptorList ); - } - - - /** - * Add an interceptor to the list of interceptors to call for each operation - * @throws LdapException - */ - private void addInterceptor( Interceptor interceptor, int position ) throws LdapException - { - // First, init the interceptor - interceptor.init( this ); - - writeLock.lock(); - - try - { - for ( OperationEnum operation : OperationEnum.getOperations() ) - { - List<String> operationList = operationInterceptors.get( operation ); - - Method[] methods = interceptor.getClass().getDeclaredMethods(); - - for ( Method method : methods ) - { - if ( method.getName().equals( operation.getMethodName() ) ) - { - if ( position == -1 ) - { - operationList.add( interceptor.getName() ); - } - else - { - operationList.add( position, interceptor.getName() ); - } - - break; - } - } - } - - interceptorNames.put( interceptor.getName(), interceptor ); - - if ( position == -1 ) - { - interceptors.add( interceptor ); - } - else - { - interceptors.add( position, interceptor ); - } - } - finally - { - writeLock.unlock(); - } - } - - - /** - * Remove an interceptor to the list of interceptors to call for each operation - */ - private void removeOperationsList( String interceptorName ) - { - Interceptor interceptor = interceptorNames.get( interceptorName ); - - writeLock.lock(); - - try - { - for ( OperationEnum operation : OperationEnum.getOperations() ) - { - List<String> operationList = operationInterceptors.get( operation ); - - Method[] methods = interceptor.getClass().getDeclaredMethods(); - - for ( Method method : methods ) - { - if ( method.getName().equals( operation.getMethodName() ) ) - { - operationList.remove( interceptor.getName() ); - - break; - } - } - } - - interceptorNames.remove( interceptorName ); - interceptors.remove( interceptor ); - } - finally - { - writeLock.unlock(); - } - } - - - /** - * Sets the interceptors in the server. - * - * @param interceptors the interceptors to be used in the server. - */ - public void setInterceptors( List<Interceptor> interceptors ) - { - Map<String, Interceptor> interceptorNames = new HashMap<>(); - - // Check if we don't have duplicate names in the interceptors list - for ( Interceptor interceptor : interceptors ) - { - if ( interceptorNames.containsKey( interceptor.getName() ) ) - { - LOG.warn( "Encountered duplicate definitions for {} interceptor", interceptor.getName() ); - continue; - } - - interceptorNames.put( interceptor.getName(), interceptor ); - } - - this.interceptors = interceptors; - this.interceptorNames = interceptorNames; - - // Now update the Map that connect each operation with the list of interceptors. - initOperationsList(); - } - - - /** - * Initialize the interceptors - */ - private void initInterceptors() throws LdapException - { - for ( Interceptor interceptor : interceptors ) - { - interceptor.init( this ); - } - } - - - /** - * Returns test directory entries({@link LdifEntry}) to be loaded while - * bootstrapping. - * - * @return test entries to load during bootstrapping - */ - public List<LdifEntry> getTestEntries() - { - List<LdifEntry> cloned = new ArrayList<LdifEntry>(); - cloned.addAll( testEntries ); - - return cloned; - } - - - /** - * Sets test directory entries({@link javax.naming.directory.Attributes}) to be loaded while - * bootstrapping. - * - * @param testEntries the test entries to load while bootstrapping - */ - public void setTestEntries( List<? extends LdifEntry> testEntries ) - { - //noinspection MismatchedQueryAndUpdateOfCollection - List<LdifEntry> cloned = new ArrayList<LdifEntry>(); - cloned.addAll( testEntries ); - this.testEntries = cloned; - } - - - /** - * {@inheritDoc} - */ - public InstanceLayout getInstanceLayout() - { - return instanceLayout; - } - - - /** - * {@inheritDoc} - */ - public void setInstanceLayout( InstanceLayout instanceLayout ) throws IOException - { - this.instanceLayout = instanceLayout; - - // Create the directories if they are missing - if ( !instanceLayout.getInstanceDirectory().exists() ) - { - if ( !instanceLayout.getInstanceDirectory().mkdirs() ) - { - throw new IOException( I18n.err( I18n.ERR_112_COULD_NOT_CREATE_DIRECORY, - instanceLayout.getInstanceDirectory() ) ); - } - } - - if ( !instanceLayout.getLogDirectory().exists() ) - { - if ( !instanceLayout.getLogDirectory().mkdirs() ) - { - throw new IOException( I18n.err( I18n.ERR_112_COULD_NOT_CREATE_DIRECORY, - instanceLayout.getLogDirectory() ) ); - } - } - - if ( !instanceLayout.getRunDirectory().exists() ) - { - if ( !instanceLayout.getRunDirectory().mkdirs() ) - { - throw new IOException( I18n.err( I18n.ERR_112_COULD_NOT_CREATE_DIRECORY, - instanceLayout.getRunDirectory() ) ); - } - } - - if ( !instanceLayout.getPartitionsDirectory().exists() ) - { - if ( !instanceLayout.getPartitionsDirectory().mkdirs() ) - { - throw new IOException( I18n.err( I18n.ERR_112_COULD_NOT_CREATE_DIRECORY, - instanceLayout.getPartitionsDirectory() ) ); - } - } - - if ( !instanceLayout.getConfDirectory().exists() ) - { - if ( !instanceLayout.getConfDirectory().mkdirs() ) - { - throw new IOException( I18n.err( I18n.ERR_112_COULD_NOT_CREATE_DIRECORY, - instanceLayout.getConfDirectory() ) ); - } - } - } - - - public void setShutdownHookEnabled( boolean shutdownHookEnabled ) - { - this.shutdownHookEnabled = shutdownHookEnabled; - } - - - public boolean isShutdownHookEnabled() - { - return shutdownHookEnabled; - } - - - public void setExitVmOnShutdown( boolean exitVmOnShutdown ) - { - this.exitVmOnShutdown = exitVmOnShutdown; - } - - - public boolean isExitVmOnShutdown() - { - return exitVmOnShutdown; - } - - - public void setSystemPartition( Partition systemPartition ) - { - this.systemPartition = systemPartition; - } - - - public Partition getSystemPartition() - { - return systemPartition; - } - - - /** - * return true if the operational attributes must be normalized when returned - */ - public boolean isDenormalizeOpAttrsEnabled() - { - return denormalizeOpAttrsEnabled; - } - - - /** - * Sets whether the operational attributes are denormalized when returned - * @param denormalizeOpAttrsEnabled The flag value - */ - public void setDenormalizeOpAttrsEnabled( boolean denormalizeOpAttrsEnabled ) - { - this.denormalizeOpAttrsEnabled = denormalizeOpAttrsEnabled; - } - - - /** - * {@inheritDoc} - */ - public ChangeLog getChangeLog() - { - return changeLog; - } - - - /** - * {@inheritDoc} - */ - public Journal getJournal() - { - return journal; - } - - - /** - * {@inheritDoc} - */ - public void setChangeLog( ChangeLog changeLog ) - { - this.changeLog = changeLog; - } - - - /** - * {@inheritDoc} - */ - public void setJournal( Journal journal ) - { - this.journal = journal; - } - - - public void addPartition( Partition partition ) throws Exception - { - partition.setSchemaManager( schemaManager ); - - try - { - // can be null when called before starting up - if ( partitionNexus != null ) - { - partitionNexus.addContextPartition( partition ); - } - } - catch ( LdapException le ) - { - // We've got an exception, we cannot add the partition to the partitions - throw le; - } - - // Now, add the partition to the set of managed partitions - partitions.add( partition ); - } - - - public void removePartition( Partition partition ) throws Exception - { - // Do the backend cleanup first - try - { - // can be null when called before starting up - if ( partitionNexus != null ) - { - partitionNexus.removeContextPartition( partition.getSuffixDn() ); - } - } - catch ( LdapException le ) - { - // Bad ! We can't go any further - throw le; - } - - // And update the set of managed partitions - partitions.remove( partition ); - } - - - // ------------------------------------------------------------------------ - // BackendSubsystem Interface Method Implementations - // ------------------------------------------------------------------------ - /** - * Define a default list of interceptors that has to be used if no other - * configuration is defined. - */ - private void setDefaultInterceptorConfigurations() - { - // Set default interceptor chains - List<Interceptor> list = new ArrayList<Interceptor>(); - - list.add( new NormalizationInterceptor() ); - list.add( new AuthenticationInterceptor() ); - list.add( new ReferralInterceptor() ); - list.add( new AciAuthorizationInterceptor() ); - list.add( new DefaultAuthorizationInterceptor() ); - list.add( new AdministrativePointInterceptor() ); - list.add( new ExceptionInterceptor() ); - list.add( new SchemaInterceptor() ); - list.add( new OperationalAttributeInterceptor() ); - list.add( new CollectiveAttributeInterceptor() ); - list.add( new SubentryInterceptor() ); - list.add( new EventInterceptor() ); - list.add( new TriggerInterceptor() ); - list.add( new ChangeLogInterceptor() ); - list.add( new JournalInterceptor() ); - - setInterceptors( list ); - } - - - public CoreSession getAdminSession() - { - return adminSession; - } - - - /** - * Get back an anonymous session - */ - public CoreSession getSession() - { - return new DefaultCoreSession( new LdapPrincipal( schemaManager ), this ); - } - - - /** - * Get back a session for a given principal - */ - public CoreSession getSession( LdapPrincipal principal ) - { - return new DefaultCoreSession( principal, this ); - } - - - /** - * Get back a session for the give user and credentials bound with Simple Bind - */ - public CoreSession getSession( Dn principalDn, byte[] credentials ) throws LdapException - { - synchronized ( this ) - { - if ( !started ) - { - throw new IllegalStateException( "Service has not started." ); - } - } - - BindOperationContext bindContext = new BindOperationContext( null ); - bindContext.setCredentials( credentials ); - bindContext.setDn( principalDn.apply( schemaManager ) ); - bindContext.setInterceptors( getInterceptors( OperationEnum.BIND ) ); - - operationManager.bind( bindContext ); - - return bindContext.getSession(); - } - - - /** - * Get back a session for a given user bound with SASL Bind - */ - public CoreSession getSession( Dn principalDn, byte[] credentials, String saslMechanism, String saslAuthId ) - throws Exception - { - synchronized ( this ) - { - if ( !started ) - { - throw new IllegalStateException( "Service has not started." ); - - } - } - - BindOperationContext bindContext = new BindOperationContext( null ); - bindContext.setCredentials( credentials ); - bindContext.setDn( principalDn.apply( schemaManager ) ); - bindContext.setSaslMechanism( saslMechanism ); - bindContext.setInterceptors( getInterceptors( OperationEnum.BIND ) ); - - operationManager.bind( bindContext ); - - return bindContext.getSession(); - } - - - public long revert() throws LdapException - { - if ( changeLog == null || !changeLog.isEnabled() ) - { - throw new IllegalStateException( I18n.err( I18n.ERR_310 ) ); - } - - Tag latest = changeLog.getLatest(); - - if ( null != latest ) - { - if ( latest.getRevision() < changeLog.getCurrentRevision() ) - { - return revert( latest.getRevision() ); - } - else - { - LOG.info( "Ignoring request to revert without changes since the latest tag." ); - return changeLog.getCurrentRevision(); - } - } - - throw new IllegalStateException( I18n.err( I18n.ERR_311 ) ); - } - - - /** - * We handle the ModDN/ModRDN operation for the revert here. - */ - private void moddn( Dn oldDn, Dn newDn, boolean delOldRdn ) throws LdapException - { - if ( oldDn.size() == 0 ) - { - throw new LdapNoPermissionException( I18n.err( I18n.ERR_312 ) ); - } - - // calculate parents - Dn oldBase = oldDn.getParent(); - Dn newBase = newDn.getParent(); - - // Compute the Rdn for each of the Dn - Rdn newRdn = newDn.getRdn(); - Rdn oldRdn = oldDn.getRdn(); - - /* - * We need to determine if this rename operation corresponds to a simple - * Rdn name change or a move operation. If the two names are the same - * except for the Rdn then it is a simple modifyRdn operation. If the - * names differ in size or have a different baseDN then the operation is - * a move operation. Furthermore if the Rdn in the move operation - * changes it is both an Rdn change and a move operation. - */ - if ( ( oldDn.size() == newDn.size() ) && oldBase.equals( newBase ) ) - { - adminSession.rename( oldDn, newRdn, delOldRdn ); - } - else - { - Dn target = newDn.getParent(); - - if ( newRdn.equals( oldRdn ) ) - { - adminSession.move( oldDn, target ); - } - else - { - adminSession.moveAndRename( oldDn, target, new Rdn( newRdn ), delOldRdn ); - } - } - } - - - public long revert( long revision ) throws LdapException - { - if ( changeLog == null || !changeLog.isEnabled() ) - { - throw new IllegalStateException( I18n.err( I18n.ERR_310 ) ); - } - - if ( revision < 0 ) - { - throw new IllegalArgumentException( I18n.err( I18n.ERR_239 ) ); - } - - if ( revision >= changeLog.getChangeLogStore().getCurrentRevision() ) - { - throw new IllegalArgumentException( I18n.err( I18n.ERR_314 ) ); - } - - Cursor<ChangeLogEvent> cursor = changeLog.getChangeLogStore().findAfter( revision ); - - /* - * BAD, BAD, BAD!!! - * - * No synchronization no nothing. Just getting this to work for now - * so we can revert tests. Any production grade use of this feature - * needs to synchronize on all changes while the revert is in progress. - * - * How about making this operation transactional? - * - * First of all just stop using JNDI and construct the operations to - * feed into the interceptor pipeline. - * - * TODO review this code. - */ - - try - { - LOG.warn( PARTIAL_IMPL_WARNING ); - cursor.afterLast(); - - while ( cursor.previous() ) // apply ldifs in reverse order - { - ChangeLogEvent event = cursor.get(); - List<LdifEntry> reverses = event.getReverseLdifs(); - - for ( LdifEntry reverse : reverses ) - { - switch ( reverse.getChangeType().getChangeType() ) - { - case ChangeType.ADD_ORDINAL: - adminSession.add( - new DefaultEntry( schemaManager, reverse.getEntry() ), true ); - break; - - case ChangeType.DELETE_ORDINAL: - adminSession.delete( reverse.getDn(), true ); - break; - - case ChangeType.MODIFY_ORDINAL: - List<Modification> mods = reverse.getModifications(); - - adminSession.modify( reverse.getDn(), mods, true ); - break; - - case ChangeType.MODDN_ORDINAL: - // NO BREAK - both ModDN and ModRDN handling is the same - - case ChangeType.MODRDN_ORDINAL: - Dn forwardDn = event.getForwardLdif().getDn(); - Dn reverseDn = reverse.getDn(); - - moddn( reverseDn, forwardDn, reverse.isDeleteOldRdn() ); - - break; - - default: - LOG.error( I18n.err( I18n.ERR_75 ) ); - throw new NotImplementedException( I18n.err( I18n.ERR_76, reverse.getChangeType() ) ); - } - } - } - } - catch ( Exception e ) - { - throw new LdapOperationException( e.getMessage(), e ); - } - finally - { - try - { - cursor.close(); - } - catch ( Exception e ) - { - throw new LdapOperationException( e.getMessage(), e ); - } - } - - return changeLog.getCurrentRevision(); - } - - - public OperationManager getOperationManager() - { - return operationManager; - } - - - /** - * @throws Exception if the LDAP server cannot be started - */ - public synchronized void startup() throws Exception - { - if ( started ) - { - return; - } - - lockWorkDir(); - - if ( shutdownHookEnabled ) - { - Runtime.getRuntime().addShutdownHook( new Thread( new Runnable() - { - public void run() - { - try - { - shutdown(); - } - catch ( Exception e ) - { - LOG.warn( "Failed to shut down the directory service: " - + BaseDirectoryService.this.instanceId, e ); - } - } - }, "ApacheDS Shutdown Hook (" + instanceId + ')' ) ); - - LOG.info( "ApacheDS shutdown hook has been registered with the runtime." ); - } - else if ( LOG.isWarnEnabled() ) - { - LOG.warn( "ApacheDS shutdown hook has NOT been registered with the runtime." - + " This default setting for standalone operation has been overriden." ); - } - - initialize(); - showSecurityWarnings(); - - // load the last stored valid CSN value - LookupOperationContext loc = new LookupOperationContext( getAdminSession(), systemPartition.getSuffixDn(), - SchemaConstants.ALL_ATTRIBUTES_ARRAY ); - - Entry entry = systemPartition.lookup( loc ); - - Attribute cntextCsnAt = entry.get( SchemaConstants.CONTEXT_CSN_AT ); - - if ( cntextCsnAt != null ) - { - // this is a multivalued attribute but current syncrepl provider implementation stores only ONE value at ou=system - contextCsn = cntextCsnAt.getString(); - } - - started = true; - - if ( !testEntries.isEmpty() ) - { - createTestEntries(); - } - } - - - public synchronized void sync() throws Exception - { - if ( !started ) - { - return; - } - - this.changeLog.sync(); - this.partitionNexus.sync(); - } - - - public synchronized void shutdown() throws Exception - { - LOG.debug( "+++ DirectoryService Shutdown required" ); - - if ( !started ) - { - return; - } - - // -------------------------------------------------------------------- - // Shutdown the sync thread - // -------------------------------------------------------------------- - LOG.debug( "--- Syncing the nexus " ); - partitionNexus.sync(); - - // -------------------------------------------------------------------- - // Shutdown the changelog - // -------------------------------------------------------------------- - LOG.debug( "--- Syncing the changeLog " ); - changeLog.sync(); - changeLog.destroy(); - - // -------------------------------------------------------------------- - // Shutdown the journal if enabled - // -------------------------------------------------------------------- - if ( journal.isEnabled() ) - { - LOG.debug( "--- Destroying the journal " ); - journal.destroy(); - } - - // -------------------------------------------------------------------- - // Shutdown the partition - // -------------------------------------------------------------------- - - LOG.debug( "--- Destroying the nexus" ); - partitionNexus.destroy(); - - // Last flush... - LOG.debug( "--- Flushing everything before quitting" ); - getOperationManager().lockWrite(); - partitionNexus.sync(); - getOperationManager().unlockWrite(); - - // -------------------------------------------------------------------- - // And shutdown the server - // -------------------------------------------------------------------- - LOG.debug( "--- Deleting the cache service" ); - cacheService.destroy(); - - LOG.debug( "---Deleting the DnCache" ); - dnFactory = null; - - if ( lockFile != null ) - { - try - { - lockFile.close(); - // no need to delete the lock file - } - catch ( IOException e ) - { - LOG.warn( "couldn't delete the lock file {}", LOCK_FILE_NAME ); - } - } - - LOG.debug( "+++ DirectoryService stopped" ); - started = false; - } - - - /** - * @return The referral manager - */ - public ReferralManager getReferralManager() - { - return referralManager; - } - - - /** - * Set the referralManager - * @param referralManager The initialized referralManager - */ - public void setReferralManager( ReferralManager referralManager ) - { - this.referralManager = referralManager; - } - - - /** - * @return the SchemaManager - */ - public SchemaManager getSchemaManager() - { - return schemaManager; - } - - - /** - * Set the SchemaManager instance. - * - * @param schemaManager The server schemaManager - */ - public void setSchemaManager( SchemaManager schemaManager ) - { - this.schemaManager = schemaManager; - } - - - public LdapApiService getLdapCodecService() - { - return ldapCodecService; - } - - - /** - * {@inheritDoc} - */ - public SchemaPartition getSchemaPartition() - { - return schemaPartition; - } - - - /** - * {@inheritDoc} - */ - public void setSchemaPartition( SchemaPartition schemaPartition ) - { - this.schemaPartition = schemaPartition; - } - - - public DefaultPartitionNexus getPartitionNexus() - { - return partitionNexus; - } - - - public boolean isFirstStart() - { - return firstStart; - } - - - public synchronized boolean isStarted() - { - return started; - } - - - public Entry newEntry( Dn dn ) - { - return new DefaultEntry( schemaManager, dn ); - } - - - /** - * Returns true if we had to create the bootstrap entries on the first - * start of the server. Otherwise if all entries exist, meaning none - * had to be created, then we are not starting for the first time. - * - * @return true if the bootstrap entries had to be created, false otherwise - * @throws Exception if entries cannot be created - */ - private boolean createBootstrapEntries() throws Exception - { - boolean firstStart = false; - - // ------------------------------------------------------------------- - // create admin entry - // ------------------------------------------------------------------- - - /* - * If the admin entry is there, then the database was already created - */ - if ( !partitionNexus.hasEntry( new HasEntryOperationContext( adminSession, adminDn ) ) ) - { - firstStart = true; - - Entry serverEntry = new DefaultEntry( schemaManager, adminDn ); - - serverEntry.put( SchemaConstants.OBJECT_CLASS_AT, - SchemaConstants.TOP_OC, - SchemaConstants.PERSON_OC, - SchemaConstants.ORGANIZATIONAL_PERSON_OC, - SchemaConstants.INET_ORG_PERSON_OC ); - - serverEntry.put( SchemaConstants.UID_AT, PartitionNexus.ADMIN_UID ); - serverEntry.put( SchemaConstants.USER_PASSWORD_AT, PartitionNexus.ADMIN_PASSWORD_BYTES ); - serverEntry.put( SchemaConstants.DISPLAY_NAME_AT, "Directory Superuser" ); - serverEntry.put( SchemaConstants.CN_AT, "system administrator" ); - serverEntry.put( SchemaConstants.SN_AT, "administrator" ); - serverEntry.put( SchemaConstants.CREATORS_NAME_AT, ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED ); - serverEntry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime() ); - serverEntry.put( SchemaConstants.DISPLAY_NAME_AT, "Directory Superuser" ); - serverEntry.add( SchemaConstants.ENTRY_CSN_AT, getCSN().toString() ); - serverEntry.add( SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString() ); - - TlsKeyGenerator.addKeyPair( serverEntry ); - partitionNexus.add( new AddOperationContext( adminSession, serverEntry ) ); - } - - // ------------------------------------------------------------------- - // create system users area - // ------------------------------------------------------------------- - - Dn userDn = getDnFactory().create( ServerDNConstants.USERS_SYSTEM_DN ); - - if ( !partitionNexus.hasEntry( new HasEntryOperationContext( adminSession, userDn ) ) ) - { - firstStart = true; - - Entry serverEntry = new DefaultEntry( schemaManager, userDn ); - - serverEntry.put( SchemaConstants.OBJECT_CLASS_AT, - SchemaConstants.TOP_OC, - SchemaConstants.ORGANIZATIONAL_UNIT_OC ); - - serverEntry.put( SchemaConstants.OU_AT, "users" ); - serverEntry.put( SchemaConstants.CREATORS_NAME_AT, ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED ); - serverEntry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime() ); - serverEntry.add( SchemaConstants.ENTRY_CSN_AT, getCSN().toString() ); - serverEntry.add( SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString() ); - - partitionNexus.add( new AddOperationContext( adminSession, serverEntry ) ); - } - - // ------------------------------------------------------------------- - // create system groups area - // ------------------------------------------------------------------- - - Dn groupDn = getDnFactory().create( ServerDNConstants.GROUPS_SYSTEM_DN ); - - if ( !partitionNexus.hasEntry( new HasEntryOperationContext( adminSession, groupDn ) ) ) - { - firstStart = true; - - Entry serverEntry = new DefaultEntry( schemaManager, groupDn ); - - serverEntry.put( SchemaConstants.OBJECT_CLASS_AT, - SchemaConstants.TOP_OC, - SchemaConstants.ORGANIZATIONAL_UNIT_OC ); - - serverEntry.put( SchemaConstants.OU_AT, "groups" ); - serverEntry.put( SchemaConstants.CREATORS_NAME_AT, ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED ); - serverEntry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime() ); - serverEntry.add( SchemaConstants.ENTRY_CSN_AT, getCSN().toString() ); - serverEntry.add( SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString() ); - - partitionNexus.add( new AddOperationContext( adminSession, serverEntry ) ); - } - - // ------------------------------------------------------------------- - // create administrator group - // ------------------------------------------------------------------- - - Dn name = getDnFactory().create( ServerDNConstants.ADMINISTRATORS_GROUP_DN ); - - if ( !partitionNexus.hasEntry( new HasEntryOperationContext( adminSession, name ) ) ) - { - firstStart = true; - - Entry serverEntry = new DefaultEntry( schemaManager, name ); - - serverEntry.put( SchemaConstants.OBJECT_CLASS_AT, - SchemaConstants.TOP_OC, - SchemaConstants.GROUP_OF_UNIQUE_NAMES_OC ); - - serverEntry.put( SchemaConstants.CN_AT, "Administrators" ); - serverEntry.put( SchemaConstants.UNIQUE_MEMBER_AT, ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED ); - serverEntry.put( SchemaConstants.CREATORS_NAME_AT, ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED ); - serverEntry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime() ); - serverEntry.add( SchemaConstants.ENTRY_CSN_AT, getCSN().toString() ); - serverEntry.add( SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString() ); - - partitionNexus.add( new AddOperationContext( adminSession, serverEntry ) ); - } - - // ------------------------------------------------------------------- - // create system configuration area - // ------------------------------------------------------------------- - - Dn configurationDn = getDnFactory().create( "ou=configuration,ou=system" ); - - if ( !partitionNexus.hasEntry( new HasEntryOperationContext( adminSession, configurationDn ) ) ) - { - firstStart = true; - - Entry serverEntry = new DefaultEntry( schemaManager, configurationDn ); - serverEntry.put( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.TOP_OC, - SchemaConstants.ORGANIZATIONAL_UNIT_OC ); - - serverEntry.put( SchemaConstants.OU_AT, "configuration" ); - serverEntry.put( SchemaConstants.CREATORS_NAME_AT, ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED ); - serverEntry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime() ); - serverEntry.add( SchemaConstants.ENTRY_CSN_AT, getCSN().toString() ); - serverEntry.add( SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString() ); - - partitionNexus.add( new AddOperationContext( adminSession, serverEntry ) ); - } - - // ------------------------------------------------------------------- - // create system configuration area for partition information - // ------------------------------------------------------------------- - - Dn partitionsDn = getDnFactory().create( "ou=partitions,ou=configuration,ou=system" ); - - if ( !partitionNexus.hasEntry( new HasEntryOperationContext( adminSession, partitionsDn ) ) ) - { - firstStart = true; - - Entry serverEntry = new DefaultEntry( schemaManager, partitionsDn ); - serverEntry.put( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.TOP_OC, - SchemaConstants.ORGANIZATIONAL_UNIT_OC ); - serverEntry.put( SchemaConstants.OU_AT, "partitions" ); - serverEntry.put( SchemaConstants.CREATORS_NAME_AT, ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED ); - serverEntry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime() ); - serverEntry.add( SchemaConstants.ENTRY_CSN_AT, getCSN().toString() ); - serverEntry.add( SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString() ); - - partitionNexus.add( new AddOperationContext( adminSession, serverEntry ) ); - } - - // ------------------------------------------------------------------- - // create system configuration area for services - // ------------------------------------------------------------------- - - Dn servicesDn = getDnFactory().create( "ou=services,ou=configuration,ou=system" ); - - if ( !partitionNexus.hasEntry( new HasEntryOperationContext( adminSession, servicesDn ) ) ) - { - firstStart = true; - - Entry serverEntry = new DefaultEntry( schemaManager, servicesDn ); - serverEntry.put( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.TOP_OC, - SchemaConstants.ORGANIZATIONAL_UNIT_OC ); - - serverEntry.put( SchemaConstants.OU_AT, "services" ); - serverEntry.put( SchemaConstants.CREATORS_NAME_AT, ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED ); - serverEntry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime() ); - serverEntry.add( SchemaConstants.ENTRY_CSN_AT, getCSN().toString() ); - serverEntry.add( SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString() ); - - partitionNexus.add( new AddOperationContext( adminSession, serverEntry ) ); - } - - // ------------------------------------------------------------------- - // create system configuration area for interceptors - // ------------------------------------------------------------------- - - Dn interceptorsDn = getDnFactory().create( "ou=interceptors,ou=configuration,ou=system" ); - - if ( !partitionNexus.hasEntry( new HasEntryOperationContext( adminSession, interceptorsDn ) ) ) - { - firstStart = true; - - Entry serverEntry = new DefaultEntry( schemaManager, interceptorsDn ); - serverEntry.put( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.TOP_OC, - SchemaConstants.ORGANIZATIONAL_UNIT_OC ); - - serverEntry.put( SchemaConstants.OU_AT, "interceptors" ); - serverEntry.put( SchemaConstants.CREATORS_NAME_AT, ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED ); - serverEntry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime() ); - serverEntry.add( SchemaConstants.ENTRY_CSN_AT, getCSN().toString() ); - serverEntry.add( SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString() ); - - partitionNexus.add( new AddOperationContext( adminSession, serverEntry ) ); - } - - // ------------------------------------------------------------------- - // create system preferences area - // ------------------------------------------------------------------- - - Dn sysPrefRootDn = getDnFactory().create( ServerDNConstants.SYSPREFROOT_SYSTEM_DN ); - - if ( !partitionNexus.hasEntry( new HasEntryOperationContext( adminSession, sysPrefRootDn ) ) ) - { - firstStart = true; - - Entry serverEntry = new DefaultEntry( schemaManager, sysPrefRootDn ); - serverEntry.put( SchemaConstants.OBJECT_CLASS_AT, - SchemaConstants.TOP_OC, - SchemaConstants.ORGANIZATIONAL_UNIT_OC, - SchemaConstants.EXTENSIBLE_OBJECT_OC ); - - serverEntry.put( "prefNodeName", "sysPrefRoot" ); - serverEntry.put( SchemaConstants.CREATORS_NAME_AT, ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED ); - serverEntry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime() ); - serverEntry.add( SchemaConstants.ENTRY_CSN_AT, getCSN().toString() ); - serverEntry.add( SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString() ); - - partitionNexus.add( new AddOperationContext( adminSession, serverEntry ) ); - } - - return firstStart; - } - - - /** - * Displays security warning messages if any possible secutiry issue is found. - * @throws Exception if there are failures parsing and accessing internal structures - */ - protected void showSecurityWarnings() throws Exception - { - // Warn if the default password is not changed. - boolean needToChangeAdminPassword = false; - - Dn adminDn = getDnFactory().create( ServerDNConstants.ADMIN_SYSTEM_DN ); - - Entry adminEntry = partitionNexus.lookup( new LookupOperationContext( adminSession, adminDn ) ); - Value<?> userPassword = adminEntry.get( SchemaConstants.USER_PASSWORD_AT ).get(); - needToChangeAdminPassword = Arrays.equals( PartitionNexus.ADMIN_PASSWORD_BYTES, userPassword.getBytes() ); - - if ( needToChangeAdminPassword ) - { - LOG.warn( "You didn't change the admin password of directory service " + "instance '" + instanceId + "'. " - + "Please update the admin password as soon as possible " + "to prevent a possible security breach." ); - } - } - - - /** - * Adds test entries into the core. - * - * @todo this may no longer be needed when JNDI is not used for bootstrapping - * - * @throws Exception if the creation of test entries fails. - */ - private void createTestEntries() throws Exception - { - for ( LdifEntry testEntry : testEntries ) - { - try - { - LdifEntry ldifEntry = testEntry.clone(); - Entry entry = ldifEntry.getEntry(); - String dn = ldifEntry.getDn().getName(); - - try - { - getAdminSession().add( new DefaultEntry( schemaManager, entry ) ); - } - catch ( Exception e ) - { - LOG.warn( dn + " test entry already exists.", e ); - } - } - catch ( CloneNotSupportedException cnse ) - { - LOG.warn( "Cannot clone the entry ", cnse ); - } - } - } - - - private void initializeSystemPartition() throws Exception - { - Partition system = getSystemPartition(); - - // Add root context entry for system partition - Dn systemSuffixDn = getDnFactory().create( ServerDNConstants.SYSTEM_DN ); - CoreSession adminSession = getAdminSession(); - - if ( !system.hasEntry( new HasEntryOperationContext( adminSession, systemSuffixDn ) ) ) - { - Entry systemEntry = new DefaultEntry( schemaManager, systemSuffixDn ); - - // Add the ObjectClasses - systemEntry.put( SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.TOP_OC, - SchemaConstants.ORGANIZATIONAL_UNIT_OC, SchemaConstants.EXTENSIBLE_OBJECT_OC ); - - // Add some operational attributes - systemEntry.put( SchemaConstants.CREATORS_NAME_AT, ServerDNConstants.ADMIN_SYSTEM_DN ); - systemEntry.put( SchemaConstants.CREATE_TIMESTAMP_AT, DateUtils.getGeneralizedTime() ); - systemEntry.add( SchemaConstants.ENTRY_CSN_AT, getCSN().toString() ); - systemEntry.add( SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString() ); - systemEntry.put( DnUtils.getRdnAttributeType( ServerDNConstants.SYSTEM_DN ), DnUtils - .getRdnValue( ServerDNConstants.SYSTEM_DN ) ); - - AddOperationContext addOperationContext = new AddOperationContext( adminSession, systemEntry ); - system.add( addOperationContext ); - } - } - - - /** - * Kicks off the initialization of the entire system. - * - * @throws Exception if there are problems along the way - */ - private void initialize() throws Exception - { - if ( LOG.isDebugEnabled() ) - { - LOG.debug( "---> Initializing the DefaultDirectoryService " ); - } - - csnFactory.setReplicaId( replicaId ); - - // If no interceptor list is defined, setup a default list - if ( interceptors == null ) - { - setDefaultInterceptorConfigurations(); - } - - if ( cacheService == null ) - { - // Initialize a default cache service - cacheService = new CacheService(); - } - - cacheService.initialize( instanceLayout ); - - // Initialize the AP caches - accessControlAPCache = new DnNode<AccessControlAdministrativePoint>(); - collectiveAttributeAPCache = new DnNode<CollectiveAttributeAdministrativePoint>(); - subschemaAPCache = new DnNode<SubschemaAdministrativePoint>(); - triggerExecutionAPCache = new DnNode<TriggerExecutionAdministrativePoint>(); - - if ( dnFactory == null ) - { - dnFactory = new DefaultDnFactory( schemaManager, cacheService.getCache( "dnCache" ) ); - } - - // triggers partition to load schema fully from schema partition - schemaPartition.setCacheService( cacheService ); - schemaPartition.initialize(); - partitions.add( schemaPartition ); - systemPartition.setCacheService( cacheService ); - systemPartition.getSuffixDn().apply( schemaManager ); - - adminDn = getDnFactory().create( ServerDNConstants.ADMIN_SYSTEM_DN ); - adminSession = new DefaultCoreSession( new LdapPrincipal( schemaManager, adminDn, AuthenticationLevel.STRONG ), - this ); - - // @TODO - NOTE: Need to find a way to instantiate without dependency on DPN - partitionNexus = new DefaultPartitionNexus( new DefaultEntry( schemaManager, Dn.ROOT_DSE ) ); - partitionNexus.setDirectoryService( this ); - partitionNexus.initialize(); - - initializeSystemPartition(); - - // -------------------------------------------------------------------- - // Create all the bootstrap entries before initializing chain - // -------------------------------------------------------------------- - - firstStart = createBootstrapEntries(); - - // Initialize the interceptors - initInterceptors(); - - // -------------------------------------------------------------------- - // Initialize the changeLog if it's enabled - // -------------------------------------------------------------------- - - if ( changeLog.isEnabled() ) - { - changeLog.init( this ); - - if ( changeLog.isExposed() && changeLog.isTagSearchSupported() ) - { - String clSuffix = ( ( TaggableSearchableChangeLogStore ) changeLog.getChangeLogStore() ).getPartition() - .getSuffixDn().getName(); - partitionNexus.getRootDse( null ).add( SchemaConstants.CHANGELOG_CONTEXT_AT, clSuffix ); - } - } - - // -------------------------------------------------------------------- - // Initialize the journal if it's enabled - // -------------------------------------------------------------------- - if ( journal.isEnabled() ) - { - journal.init( this ); - } - - if ( LOG.isDebugEnabled() ) - { - LOG.debug( "<--- DefaultDirectoryService initialized" ); - } - } - - - /** - * Read an entry (without Dn) - * - * @param text The ldif format file - * @return An entry. - */ - // This will suppress PMD.EmptyCatchBlock warnings in this method - @SuppressWarnings("PMD.EmptyCatchBlock") - private Entry readEntry( String text ) - { - StringReader strIn = new StringReader( text ); - BufferedReader in = new BufferedReader( strIn ); - - String line = null; - Entry entry = new DefaultEntry(); - - try - { - while ( ( line = in.readLine() ) != null ) - { - if ( line.length() == 0 ) - { - continue; - } - - String addedLine = line.trim(); - - if ( Strings.isEmpty( addedLine ) ) - { - continue; - } - - Attribute attribute = LdifReader.parseAttributeValue( addedLine ); - Attribute oldAttribute = entry.get( attribute.getId() ); - - if ( oldAttribute != null ) - { - try - { - oldAttribute.add( attribute.get() ); - entry.put( oldAttribute ); - } - catch ( LdapException ne ) - { - // Do nothing - } - } - else - { - try - { - entry.put( attribute ); - } - catch ( LdapException ne ) - { - // TODO do nothing ... - } - } - } - } - catch ( IOException ioe ) - { - // Do nothing : we can't reach this point ! - } - - return entry; - } - - - /** - * Create a new Entry - * - * @param ldif The String representing the attributes, as a LDIF file - * @param dn The Dn for this new entry - */ - public Entry newEntry( String ldif, String dn ) - { - try - { - Entry entry = readEntry( ldif ); - Dn newDn = getDnFactory().create( dn ); - - entry.setDn( newDn ); - - // TODO Let's get rid of this Attributes crap - Entry serverEntry = new DefaultEntry( schemaManager, entry ); - return serverEntry; - } - catch ( Exception e ) - { - LOG.error( I18n.err( I18n.ERR_78, ldif, dn ) ); - // do nothing - return null; - } - } - - - public EventService getEventService() - { - return eventService; - } - - - public void setEventService( EventService eventService ) - { - this.eventService = eventService; - } - - - /** - * {@inheritDoc} - */ - public boolean isPasswordHidden() - { - return passwordHidden; - } - - - /** - * {@inheritDoc} - */ - public void setPasswordHidden( boolean passwordHidden ) - { - this.passwordHidden = passwordHidden; - } - - - /** - * @return The maximum allowed size for an incoming PDU - */ - public int getMaxPDUSize() - { - return maxPDUSize; - } - - - /** - * Set the maximum allowed size for an incoming PDU - * @param maxPDUSize A positive number of bytes for the PDU. A negative or - * null value will be transformed to {@link Integer#MAX_VALUE} - */ - public void setMaxPDUSize( int maxPDUSize ) - { - if ( maxPDUSize <= 0 ) - { - maxPDUSize = Integer.MAX_VALUE; - } - - this.maxPDUSize = maxPDUSize; - } - - - /** - * {@inheritDoc} - */ - public Interceptor getInterceptor( String interceptorName ) - { - readLock.lock(); - - try - { - return interceptorNames.get( interceptorName ); - } - finally - { - readLock.unlock(); - } - } - - - /** - * {@inheritDoc} - * @throws LdapException - */ - public void addFirst( Interceptor interceptor ) throws LdapException - { - addInterceptor( interceptor, 0 ); - } - - - /** - * {@inheritDoc} - * @throws LdapException - */ - public void addLast( Interceptor interceptor ) throws LdapException - { - addInterceptor( interceptor, -1 ); - } - - - /** - * {@inheritDoc} - */ - public void addAfter( String interceptorName, Interceptor interceptor ) - { - writeLock.lock(); - - try - { - int position = 0; - - // Find the position - for ( Interceptor inter : interceptors ) - { - if ( interceptorName.equals( inter.getName() ) ) - { - break; - } - - position++; - } - - if ( position == interceptors.size() ) - { - interceptors.add( interceptor ); - } - else - { - interceptors.add( position, interceptor ); - } - } - finally - { - writeLock.unlock(); - } - } - - - /** - * {@inheritDoc} - */ - public void remove( String interceptorName ) - { - removeOperationsList( interceptorName ); - } - - - /** - * Get a new CSN - * @return The CSN generated for this directory service - */ - public Csn getCSN() - { - return csnFactory.newInstance(); - } - - - /** - * @return the replicaId - */ - public int getReplicaId() - { - return replicaId; - } - - - /** - * @param replicaId the replicaId to set - */ - public void setReplicaId( int replicaId ) - { - if ( ( replicaId < 0 ) || ( replicaId > 999 ) ) - { - LOG.error( I18n.err( I18n.ERR_79 ) ); - this.replicaId = 0; - } - else - { - this.replicaId = replicaId; - } - } - - - /** - * {@inheritDoc} - */ - public long getSyncPeriodMillis() - { - return syncPeriodMillis; - } - - - /** - * {@inheritDoc} - */ - public void setSyncPeriodMillis( long syncPeriodMillis ) - { - this.syncPeriodMillis = syncPeriodMillis; - } - - - /** - * {@inheritDoc} - */ - public String getContextCsn() - { - return contextCsn; - } - - - /** - * {@inheritDoc} - */ - public void setContextCsn( String lastKnownCsn ) - { - this.contextCsn = lastKnownCsn; - } - - - /** - * checks if the working directory is already in use by some other directory service, if yes - * then throws a runtime exception else will obtain the lock on the working directory - */ - private void lockWorkDir() - { - FileLock fileLock = null; - - try - { - lockFile = new RandomAccessFile( new File( instanceLayout.getInstanceDirectory(), LOCK_FILE_NAME ), "rw" ); - try - { - fileLock = lockFile.getChannel().tryLock( 0, 1, false ); - } - catch ( IOException e ) - { - // shoudn't happen, but log - LOG.error( "failed to lock the work directory", e ); - } - catch ( OverlappingFileLockException e ) // thrown if we can't get a lock - { - fileLock = null; - } - } - catch ( FileNotFoundException e ) - { - // shouldn't happen, but log anyway - LOG.error( "failed to lock the work directory", e ); - } - - if ( ( fileLock == null ) || ( !fileLock.isValid() ) ) - { - String message = "the working directory " + instanceLayout.getRunDirectory() - + " has been locked by another directory service."; - LOG.error( message ); - throw new RuntimeException( message ); - } - - } - - - /** - * {@inheritDoc} - */ - public CacheService getCacheService() - { - return cacheService; - } - - - /** - * {@inheritDoc} - */ - public DnNode<AccessControlAdministrativePoint> getAccessControlAPCache() - { - return accessControlAPCache; - } - - - /** - * {@inheritDoc} - */ - public DnNode<CollectiveAttributeAdministrativePoint> getCollectiveAttributeAPCache() - { - return collectiveAttributeAPCache; - } - - - /** - * {@inheritDoc} - */ - public DnNode<SubschemaAdministrativePoint> getSubschemaAPCache() - { - return subschemaAPCache; - } - - - /** - * {@inheritDoc} - */ - public DnNode<TriggerExecutionAdministrativePoint> getTriggerExecutionAPCache() - { - return triggerExecutionAPCache; - } - - - /** - * {@inheritDoc} - */ - public boolean isPwdPolicyEnabled() - { - AuthenticationInterceptor authenticationInterceptor = (AuthenticationInterceptor) getInterceptor( InterceptorEnum.AUTHENTICATION_INTERCEPTOR - .getName() ); - - if ( authenticationInterceptor == null ) - { - return false; - } - - PpolicyConfigContainer pwdPolicyContainer = authenticationInterceptor.getPwdPolicyContainer(); - - return ( ( pwdPolicyContainer != null ) - && ( ( pwdPolicyContainer.getDefaultPolicy() != null ) - || ( pwdPolicyContainer.hasCustomConfigs() ) ) ); - } - - - /** - * {@inheritDoc} - */ - public DnFactory getDnFactory() - { - return dnFactory; - } - - - /** - * {@inheritDoc} - */ - public void setDnFactory( DnFactory dnFactory ) - { - this.dnFactory = dnFactory; - } - - - /** - * {@inheritDoc} - */ - public SubentryCache getSubentryCache() - { - return subentryCache; - } - - - /** - * {@inheritDoc} - */ - public SubtreeEvaluator getEvaluator() - { - return evaluator; - } - - - /** - * {@inheritDoc} - */ - public void setCacheService( CacheService cacheService ) - { - this.cacheService = cacheService; - } - -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/BaseDirectoryServiceFactory.java ---------------------------------------------------------------------- diff --git a/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/BaseDirectoryServiceFactory.java b/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/BaseDirectoryServiceFactory.java deleted file mode 100644 index 2d2bc1f..0000000 --- a/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/BaseDirectoryServiceFactory.java +++ /dev/null @@ -1,290 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.hadoop.gateway.security.ldap; - -import org.apache.commons.io.FileUtils; -import org.apache.directory.api.ldap.model.constants.SchemaConstants; -import org.apache.directory.api.ldap.model.schema.LdapComparator; -import org.apache.directory.api.ldap.model.schema.SchemaManager; -import org.apache.directory.api.ldap.model.schema.comparators.NormalizingComparator; -import org.apache.directory.api.ldap.model.schema.registries.ComparatorRegistry; -import org.apache.directory.api.ldap.model.schema.registries.SchemaLoader; -import org.apache.directory.api.ldap.schemaextractor.SchemaLdifExtractor; -import org.apache.directory.api.ldap.schemaextractor.impl.DefaultSchemaLdifExtractor; -import org.apache.directory.api.ldap.schemaloader.LdifSchemaLoader; -import org.apache.directory.api.ldap.schemamanager.impl.DefaultSchemaManager; -import org.apache.directory.api.util.exception.Exceptions; -import org.apache.directory.server.constants.ServerDNConstants; -import org.apache.directory.server.core.DefaultDirectoryService; -import org.apache.directory.server.core.api.CacheService; -import org.apache.directory.server.core.api.DirectoryService; -import org.apache.directory.server.core.api.InstanceLayout; -import org.apache.directory.server.core.api.partition.Partition; -import org.apache.directory.server.core.api.schema.SchemaPartition; -import org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory; -import org.apache.directory.server.core.factory.DirectoryServiceFactory; -import org.apache.directory.server.core.factory.JdbmPartitionFactory; -import org.apache.directory.server.core.factory.PartitionFactory; -import org.apache.directory.server.core.partition.ldif.LdifPartition; -import org.apache.directory.server.i18n.I18n; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import java.io.File; -import java.io.IOException; -import java.util.List; - - -/** - * A Default factory for DirectoryService. - * This is a copy of org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory - * created to control how the DirectoryService is created. This can be removed - * when http://svn.apache.org/r1546144 in ApacheDS 2.0.0-M16 is available. - * - * @author <a href="mailto:d...@directory.apache.org">Apache Directory Project</a> - */ -public class BaseDirectoryServiceFactory implements DirectoryServiceFactory -{ - /** A logger for this class */ - private static final Logger LOG = LoggerFactory.getLogger( DefaultDirectoryServiceFactory.class ); - - /** The directory service. */ - private DirectoryService directoryService; - - /** The partition factory. */ - private PartitionFactory partitionFactory; - - - public BaseDirectoryServiceFactory() - { - directoryService = createDirectoryService(); - partitionFactory = createPartitionFactory(); - } - - protected DirectoryService createDirectoryService() { - DirectoryService result; - try - { - // Creating the instance here so that - // we we can set some properties like accesscontrol, anon access - // before starting up the service - result = new DefaultDirectoryService(); - - // No need to register a shutdown hook during tests because this - // starts a lot of threads and slows down test execution - result.setShutdownHookEnabled( false ); - } - catch ( Exception e ) - { - throw new RuntimeException( e ); - } - return result; - } - - protected PartitionFactory createPartitionFactory() { - PartitionFactory result; - try - { - String typeName = System.getProperty( "apacheds.partition.factory" ); - if ( typeName != null ) - { - Class<? extends PartitionFactory> type = ( Class<? extends PartitionFactory> ) Class.forName( typeName ); - result = type.newInstance(); - } - else - { - result = new JdbmPartitionFactory(); - } - } - catch ( Exception e ) - { - LOG.error( "Error instantiating custom partition factory", e ); - throw new RuntimeException( e ); - } - return result; - } - - /** - * {@inheritDoc} - */ - public void init( String name ) throws Exception - { - if ( ( directoryService != null ) && directoryService.isStarted() ) - { - return; - } - - build( name ); - } - - - /** - * Build the working directory - */ - private void buildInstanceDirectory( String name ) throws IOException - { - String instanceDirectory = System.getProperty( "workingDirectory" ); - - if ( instanceDirectory == null ) - { - instanceDirectory = System.getProperty( "java.io.tmpdir" ) + "/server-work-" + name; - } - - InstanceLayout instanceLayout = new InstanceLayout( instanceDirectory ); - - if ( instanceLayout.getInstanceDirectory().exists() ) - { - try - { - FileUtils.deleteDirectory( instanceLayout.getInstanceDirectory() ); - } - catch ( IOException e ) - { - LOG.warn( "couldn't delete the instance directory before initializing the DirectoryService", e ); - } - } - - directoryService.setInstanceLayout( instanceLayout ); - } - - - /** - * Inits the schema and schema partition. - */ - private void initSchema() throws Exception - { - File workingDirectory = directoryService.getInstanceLayout().getPartitionsDirectory(); - - // Extract the schema on disk (a brand new one) and load the registries - File schemaRepository = new File( workingDirectory, "schema" ); - SchemaLdifExtractor extractor = new DefaultSchemaLdifExtractor( workingDirectory ); - - try - { - extractor.extractOrCopy(); - } - catch ( IOException ioe ) - { - // The schema has already been extracted, bypass - } - - SchemaLoader loader = new LdifSchemaLoader( schemaRepository ); - SchemaManager schemaManager = new DefaultSchemaManager( loader ); - - // We have to load the schema now, otherwise we won't be able - // to initialize the Partitions, as we won't be able to parse - // and normalize their suffix Dn - schemaManager.loadAllEnabled(); - - // Tell all the normalizer comparators that they should not normalize anything - ComparatorRegistry comparatorRegistry = schemaManager.getComparatorRegistry(); - - for ( LdapComparator<?> comparator : comparatorRegistry ) - { - if ( comparator instanceof NormalizingComparator ) - { - ( ( NormalizingComparator ) comparator ).setOnServer(); - } - } - - directoryService.setSchemaManager( schemaManager ); - - // Init the LdifPartition - LdifPartition ldifPartition = new LdifPartition( schemaManager, directoryService.getDnFactory() ); - ldifPartition.setPartitionPath( new File( workingDirectory, "schema" ).toURI() ); - SchemaPartition schemaPartition = new SchemaPartition( schemaManager ); - schemaPartition.setWrappedPartition( ldifPartition ); - directoryService.setSchemaPartition( schemaPartition ); - - List<Throwable> errors = schemaManager.getErrors(); - - if ( errors.size() != 0 ) - { - throw new Exception( I18n.err( I18n.ERR_317, Exceptions.printErrors( errors ) ) ); - } - } - - - /** - * Inits the system partition. - * - * @throws Exception the exception - */ - private void initSystemPartition() throws Exception - { - // change the working directory to something that is unique - // on the system and somewhere either under target directory - // or somewhere in a temp area of the machine. - - // Inject the System Partition - Partition systemPartition = partitionFactory.createPartition( - directoryService.getSchemaManager(), - directoryService.getDnFactory(), - "system", - ServerDNConstants.SYSTEM_DN, - 500, - new File( directoryService.getInstanceLayout().getPartitionsDirectory(), "system" ) ); - systemPartition.setSchemaManager( directoryService.getSchemaManager() ); - - partitionFactory.addIndex( systemPartition, SchemaConstants.OBJECT_CLASS_AT, 100 ); - - directoryService.setSystemPartition( systemPartition ); - } - - - /** - * Builds the directory server instance. - * - * @param name the instance name - */ - private void build( String name ) throws Exception - { - directoryService.setInstanceId( name ); - buildInstanceDirectory( name ); - - CacheService cacheService = new CacheService(); - cacheService.initialize( directoryService.getInstanceLayout() ); - - directoryService.setCacheService( cacheService ); - - // Init the service now - initSchema(); - initSystemPartition(); - - directoryService.startup(); - } - - - /** - * {@inheritDoc} - */ - public DirectoryService getDirectoryService() throws Exception - { - return directoryService; - } - - - /** - * {@inheritDoc} - */ - public PartitionFactory getPartitionFactory() throws Exception - { - return partitionFactory; - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleDirectoryService.java ---------------------------------------------------------------------- diff --git a/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleDirectoryService.java b/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleDirectoryService.java deleted file mode 100644 index 68fa1da..0000000 --- a/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleDirectoryService.java +++ /dev/null @@ -1,29 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.gateway.security.ldap; - -public class SimpleDirectoryService extends BaseDirectoryService { - - public SimpleDirectoryService() throws Exception { - } - - protected void showSecurityWarnings() throws Exception { - // NoOp - This prevents confusing warnings from being output. - } - -} http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleDirectoryServiceFactory.java ---------------------------------------------------------------------- diff --git a/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleDirectoryServiceFactory.java b/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleDirectoryServiceFactory.java deleted file mode 100644 index 72a05ff..0000000 --- a/gateway-demo-ldap/src/main/java/org/apache/hadoop/gateway/security/ldap/SimpleDirectoryServiceFactory.java +++ /dev/null @@ -1,34 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.gateway.security.ldap; - -import org.apache.directory.server.core.api.DirectoryService; - -public class SimpleDirectoryServiceFactory extends BaseDirectoryServiceFactory { - - protected DirectoryService createDirectoryService() { - DirectoryService result; - try { - result = new SimpleDirectoryService(); - } catch( Exception e ) { - throw new RuntimeException( e ); - } - return result; - } - -}