Example 11 with PreReadResponseControl
use of com.unboundid.ldap.sdk.controls.PreReadResponseControl in project ldapsdk by pingidentity.
the class InMemoryRequestHandler method processModifyRequest.
/**
* Attempts to process the provided modify request. The attempt will fail if
* any of the following conditions is true:
* <UL>
* <LI>There is a problem with any of the request controls.</LI>
* <LI>The modify request contains a malformed target DN.</LI>
* <LI>The target entry is the root DSE.</LI>
* <LI>The target entry is the subschema subentry.</LI>
* <LI>The target entry does not exist.</LI>
* <LI>Any of the modifications cannot be applied to the entry.</LI>
* <LI>If a schema was provided, and the entry violates any of the
* constraints of that schema.</LI>
* </UL>
*
* @param messageID The message ID of the LDAP message containing the modify
* request.
* @param request The modify request that was included in the LDAP message
* that was received.
* @param controls The set of controls included in the LDAP message. It
* may be empty if there were no controls, but will not be
* {@code null}.
*
* @return The {@link LDAPMessage} containing the response to send to the
* client. The protocol op in the {@code LDAPMessage} must be an
* {@code ModifyResponseProtocolOp}.
*/
@Override()
@NotNull()
public LDAPMessage processModifyRequest(final int messageID, @NotNull final ModifyRequestProtocolOp request, @NotNull final List<Control> controls) {
synchronized (entryMap) {
// Sleep before processing, if appropriate.
sleepBeforeProcessing();
// Process the provided request controls.
final Map<String, Control> controlMap;
try {
controlMap = RequestControlPreProcessor.processControls(LDAPMessage.PROTOCOL_OP_TYPE_MODIFY_REQUEST, controls);
} catch (final LDAPException le) {
Debug.debugException(le);
return new LDAPMessage(messageID, new ModifyResponseProtocolOp(le.getResultCode().intValue(), null, le.getMessage(), null));
}
final ArrayList<Control> responseControls = new ArrayList<>(1);
// If this operation type is not allowed, then reject it.
final boolean isInternalOp = controlMap.containsKey(OID_INTERNAL_OPERATION_REQUEST_CONTROL);
if ((!isInternalOp) && (!config.getAllowedOperationTypes().contains(OperationType.MODIFY))) {
return new LDAPMessage(messageID, new ModifyResponseProtocolOp(ResultCode.UNWILLING_TO_PERFORM_INT_VALUE, null, ERR_MEM_HANDLER_MODIFY_NOT_ALLOWED.get(), null));
}
// client is authenticated.
if ((authenticatedDN.isNullDN() && config.getAuthenticationRequiredOperationTypes().contains(OperationType.MODIFY))) {
return new LDAPMessage(messageID, new ModifyResponseProtocolOp(ResultCode.INSUFFICIENT_ACCESS_RIGHTS_INT_VALUE, null, ERR_MEM_HANDLER_MODIFY_REQUIRES_AUTH.get(), null));
}
// without actually doing any further processing.
try {
final ASN1OctetString txnID = processTransactionRequest(messageID, request, controlMap);
if (txnID != null) {
return new LDAPMessage(messageID, new ModifyResponseProtocolOp(ResultCode.SUCCESS_INT_VALUE, null, INFO_MEM_HANDLER_OP_IN_TXN.get(txnID.stringValue()), null));
}
} catch (final LDAPException le) {
Debug.debugException(le);
return new LDAPMessage(messageID, new ModifyResponseProtocolOp(le.getResultCode().intValue(), le.getMatchedDN(), le.getDiagnosticMessage(), StaticUtils.toList(le.getReferralURLs())), le.getResponseControls());
}
// Get the parsed target DN.
final DN dn;
final Schema schema = schemaRef.get();
try {
dn = new DN(request.getDN(), schema);
} catch (final LDAPException le) {
Debug.debugException(le);
return new LDAPMessage(messageID, new ModifyResponseProtocolOp(ResultCode.INVALID_DN_SYNTAX_INT_VALUE, null, ERR_MEM_HANDLER_MOD_MALFORMED_DN.get(request.getDN(), le.getMessage()), null));
}
// See if the target entry or one of its superiors is a smart referral.
if (!controlMap.containsKey(ManageDsaITRequestControl.MANAGE_DSA_IT_REQUEST_OID)) {
final Entry referralEntry = findNearestReferral(dn);
if (referralEntry != null) {
return new LDAPMessage(messageID, new ModifyResponseProtocolOp(ResultCode.REFERRAL_INT_VALUE, referralEntry.getDN(), INFO_MEM_HANDLER_REFERRAL_ENCOUNTERED.get(), getReferralURLs(dn, referralEntry)));
}
}
// changelog entry.
if (dn.isNullDN()) {
return new LDAPMessage(messageID, new ModifyResponseProtocolOp(ResultCode.UNWILLING_TO_PERFORM_INT_VALUE, null, ERR_MEM_HANDLER_MOD_ROOT_DSE.get(), null));
} else if (dn.equals(subschemaSubentryDN)) {
try {
validateSchemaMods(request);
} catch (final LDAPException le) {
return new LDAPMessage(messageID, new ModifyResponseProtocolOp(le.getResultCode().intValue(), le.getMatchedDN(), le.getMessage(), null));
}
} else if (dn.isDescendantOf(changeLogBaseDN, true)) {
return new LDAPMessage(messageID, new ModifyResponseProtocolOp(ResultCode.UNWILLING_TO_PERFORM_INT_VALUE, null, ERR_MEM_HANDLER_MOD_CHANGELOG.get(request.getDN()), null));
}
// Get the target entry. If it does not exist, then fail.
Entry entry = entryMap.get(dn);
if (entry == null) {
if (dn.equals(subschemaSubentryDN)) {
entry = subschemaSubentryRef.get().duplicate();
} else {
return new LDAPMessage(messageID, new ModifyResponseProtocolOp(ResultCode.NO_SUCH_OBJECT_INT_VALUE, getMatchedDNString(dn), ERR_MEM_HANDLER_MOD_NO_SUCH_ENTRY.get(request.getDN()), null));
}
}
// If any of the modifications target password attributes, then make sure
// they are properly encoded.
final ReadOnlyEntry readOnlyEntry = new ReadOnlyEntry(entry);
final List<Modification> unencodedMods = request.getModifications();
final ArrayList<Modification> modifications = new ArrayList<>(unencodedMods.size());
for (final Modification m : unencodedMods) {
try {
modifications.add(encodeModificationPasswords(m, readOnlyEntry, unencodedMods));
} catch (final LDAPException le) {
Debug.debugException(le);
if (le.getResultCode().isClientSideResultCode()) {
return new LDAPMessage(messageID, new ModifyResponseProtocolOp(ResultCode.UNWILLING_TO_PERFORM_INT_VALUE, le.getMatchedDN(), le.getMessage(), null));
} else {
return new LDAPMessage(messageID, new ModifyResponseProtocolOp(le.getResultCode().intValue(), le.getMatchedDN(), le.getMessage(), null));
}
}
}
// Attempt to apply the modifications to the entry. If successful, then a
// copy of the entry will be returned with the modifications applied.
final Entry modifiedEntry;
try {
modifiedEntry = Entry.applyModifications(entry, controlMap.containsKey(PermissiveModifyRequestControl.PERMISSIVE_MODIFY_REQUEST_OID), modifications);
} catch (final LDAPException le) {
Debug.debugException(le);
return new LDAPMessage(messageID, new ModifyResponseProtocolOp(le.getResultCode().intValue(), null, ERR_MEM_HANDLER_MOD_FAILED.get(request.getDN(), le.getMessage()), null));
}
// If a schema was provided, use it to validate the resulting entry.
// Also, ensure that no NO-USER-MODIFICATION attributes were targeted.
final EntryValidator entryValidator = entryValidatorRef.get();
if (entryValidator != null) {
final ArrayList<String> invalidReasons = new ArrayList<>(1);
if (!entryValidator.entryIsValid(modifiedEntry, invalidReasons)) {
return new LDAPMessage(messageID, new ModifyResponseProtocolOp(ResultCode.OBJECT_CLASS_VIOLATION_INT_VALUE, null, ERR_MEM_HANDLER_MOD_VIOLATES_SCHEMA.get(request.getDN(), StaticUtils.concatenateStrings(invalidReasons)), null));
}
for (final Modification m : modifications) {
final Attribute a = m.getAttribute();
final String baseName = a.getBaseName();
final AttributeTypeDefinition at = schema.getAttributeType(baseName);
if ((!isInternalOp) && (at != null) && at.isNoUserModification()) {
return new LDAPMessage(messageID, new ModifyResponseProtocolOp(ResultCode.CONSTRAINT_VIOLATION_INT_VALUE, null, ERR_MEM_HANDLER_MOD_NO_USER_MOD.get(request.getDN(), a.getName()), null));
}
}
}
// Perform the appropriate processing for the assertion and proxied
// authorization controls.
// Perform the appropriate processing for the assertion, pre-read,
// post-read, and proxied authorization controls.
final DN authzDN;
try {
handleAssertionRequestControl(controlMap, entry);
authzDN = handleProxiedAuthControl(controlMap);
} catch (final LDAPException le) {
Debug.debugException(le);
return new LDAPMessage(messageID, new ModifyResponseProtocolOp(le.getResultCode().intValue(), null, le.getMessage(), null));
}
// Update modifiersName and modifyTimestamp.
if (generateOperationalAttributes) {
modifiedEntry.setAttribute(new Attribute("modifiersName", DistinguishedNameMatchingRule.getInstance(), authzDN.toString()));
modifiedEntry.setAttribute(new Attribute("modifyTimestamp", GeneralizedTimeMatchingRule.getInstance(), StaticUtils.encodeGeneralizedTime(new Date())));
}
// Perform the appropriate processing for the pre-read and post-read
// controls.
final PreReadResponseControl preReadResponse = handlePreReadControl(controlMap, entry);
if (preReadResponse != null) {
responseControls.add(preReadResponse);
}
final PostReadResponseControl postReadResponse = handlePostReadControl(controlMap, modifiedEntry);
if (postReadResponse != null) {
responseControls.add(postReadResponse);
}
// Replace the entry in the map and return a success result.
if (dn.equals(subschemaSubentryDN)) {
final Schema newSchema = new Schema(modifiedEntry);
subschemaSubentryRef.set(new ReadOnlyEntry(modifiedEntry));
schemaRef.set(newSchema);
entryValidatorRef.set(new EntryValidator(newSchema));
} else {
entryMap.put(dn, new ReadOnlyEntry(modifiedEntry));
indexDelete(entry);
indexAdd(modifiedEntry);
}
addChangeLogEntry(request, authzDN);
return new LDAPMessage(messageID, new ModifyResponseProtocolOp(ResultCode.SUCCESS_INT_VALUE, null, null, null), responseControls);
}
}
Also used :
ASN1OctetString(com.unboundid.asn1.ASN1OctetString)
Modification(com.unboundid.ldap.sdk.Modification)
Attribute(com.unboundid.ldap.sdk.Attribute)
Schema(com.unboundid.ldap.sdk.schema.Schema)
LDAPMessage(com.unboundid.ldap.protocol.LDAPMessage)
ArrayList(java.util.ArrayList)
RDN(com.unboundid.ldap.sdk.RDN)
DN(com.unboundid.ldap.sdk.DN)
ASN1OctetString(com.unboundid.asn1.ASN1OctetString)
EntryValidator(com.unboundid.ldap.sdk.schema.EntryValidator)
Date(java.util.Date)
AttributeTypeDefinition(com.unboundid.ldap.sdk.schema.AttributeTypeDefinition)
ReadOnlyEntry(com.unboundid.ldap.sdk.ReadOnlyEntry)
VirtualListViewRequestControl(com.unboundid.ldap.sdk.controls.VirtualListViewRequestControl)
SubtreeDeleteRequestControl(com.unboundid.ldap.sdk.controls.SubtreeDeleteRequestControl)
RFC3672SubentriesRequestControl(com.unboundid.ldap.sdk.controls.RFC3672SubentriesRequestControl)
SimplePagedResultsControl(com.unboundid.ldap.sdk.controls.SimplePagedResultsControl)
VirtualListViewResponseControl(com.unboundid.ldap.sdk.controls.VirtualListViewResponseControl)
TransactionSpecificationRequestControl(com.unboundid.ldap.sdk.controls.TransactionSpecificationRequestControl)
DraftZeilengaLDAPNoOp12RequestControl(com.unboundid.ldap.sdk.experimental.DraftZeilengaLDAPNoOp12RequestControl)
PostReadRequestControl(com.unboundid.ldap.sdk.controls.PostReadRequestControl)
ProxiedAuthorizationV1RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV1RequestControl)
ServerSideSortResponseControl(com.unboundid.ldap.sdk.controls.ServerSideSortResponseControl)
PreReadResponseControl(com.unboundid.ldap.sdk.controls.PreReadResponseControl)
AuthorizationIdentityResponseControl(com.unboundid.ldap.sdk.controls.AuthorizationIdentityResponseControl)
PermissiveModifyRequestControl(com.unboundid.ldap.sdk.controls.PermissiveModifyRequestControl)
AuthorizationIdentityRequestControl(com.unboundid.ldap.sdk.controls.AuthorizationIdentityRequestControl)
Control(com.unboundid.ldap.sdk.Control)
IgnoreNoUserModificationRequestControl(com.unboundid.ldap.sdk.unboundidds.controls.IgnoreNoUserModificationRequestControl)
ProxiedAuthorizationV2RequestControl(com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl)
ServerSideSortRequestControl(com.unboundid.ldap.sdk.controls.ServerSideSortRequestControl)
PostReadResponseControl(com.unboundid.ldap.sdk.controls.PostReadResponseControl)
DontUseCopyRequestControl(com.unboundid.ldap.sdk.controls.DontUseCopyRequestControl)
AssertionRequestControl(com.unboundid.ldap.sdk.controls.AssertionRequestControl)
ManageDsaITRequestControl(com.unboundid.ldap.sdk.controls.ManageDsaITRequestControl)
DraftLDUPSubentriesRequestControl(com.unboundid.ldap.sdk.controls.DraftLDUPSubentriesRequestControl)
PreReadRequestControl(com.unboundid.ldap.sdk.controls.PreReadRequestControl)
ChangeLogEntry(com.unboundid.ldap.sdk.ChangeLogEntry)
SearchResultEntry(com.unboundid.ldap.sdk.SearchResultEntry)
Entry(com.unboundid.ldap.sdk.Entry)
ReadOnlyEntry(com.unboundid.ldap.sdk.ReadOnlyEntry)
LDAPException(com.unboundid.ldap.sdk.LDAPException)
PreReadResponseControl(com.unboundid.ldap.sdk.controls.PreReadResponseControl)
ModifyResponseProtocolOp(com.unboundid.ldap.protocol.ModifyResponseProtocolOp)
PostReadResponseControl(com.unboundid.ldap.sdk.controls.PostReadResponseControl)
NotNull(com.unboundid.util.NotNull)
Aggregations
PreReadResponseControl (com.unboundid.ldap.sdk.controls.PreReadResponseControl)11
PreReadRequestControl (com.unboundid.ldap.sdk.controls.PreReadRequestControl)9
PostReadResponseControl (com.unboundid.ldap.sdk.controls.PostReadResponseControl)8
PostReadRequestControl (com.unboundid.ldap.sdk.controls.PostReadRequestControl)7
ASN1OctetString (com.unboundid.asn1.ASN1OctetString)6
Control (com.unboundid.ldap.sdk.Control)5
Entry (com.unboundid.ldap.sdk.Entry)5
LDAPException (com.unboundid.ldap.sdk.LDAPException)5
ReadOnlyEntry (com.unboundid.ldap.sdk.ReadOnlyEntry)5
SearchResultEntry (com.unboundid.ldap.sdk.SearchResultEntry)5
Test (org.testng.annotations.Test)5
Attribute (com.unboundid.ldap.sdk.Attribute)4
ChangeLogEntry (com.unboundid.ldap.sdk.ChangeLogEntry)4
DN (com.unboundid.ldap.sdk.DN)4
LDAPResult (com.unboundid.ldap.sdk.LDAPResult)4
AssertionRequestControl (com.unboundid.ldap.sdk.controls.AssertionRequestControl)4
AuthorizationIdentityResponseControl (com.unboundid.ldap.sdk.controls.AuthorizationIdentityResponseControl)4
ServerSideSortResponseControl (com.unboundid.ldap.sdk.controls.ServerSideSortResponseControl)4
SimplePagedResultsControl (com.unboundid.ldap.sdk.controls.SimplePagedResultsControl)4
VirtualListViewResponseControl (com.unboundid.ldap.sdk.controls.VirtualListViewResponseControl)4
