13 Jan, 2014

1 commit


13 Dec, 2013

1 commit

  • 
    Most of the replace was done by global search replace from Eclipse via regular expressions.
    Individual files had incorrect headers or badly formatted ones, so some of them have been done manually by replacing the content between CDDL HEADER START and CDDL HEADER END.
    Some headers were quoting "trunk/opends/resource/legal-notices/CDDLv1_0.txt" while it should have been "legal-notices/CDDLv1_0.txt".
    
    
    Removed:
    - resource/legal-notices/OpenDS.LICENSE
    
    The following required manual changes:
    - build.xml
    - ext/checkstyle/opendj.sourceheader
    - resource/admin/java-utilities.xsl
    - src/build-tools/org/opends/build/tools/ProcessFilesForPackages.java
    - src/build-tools/windows/*
    - src/pkg/opends-dsml-gateway_proto.py
    - src/pkg/opends_proto.py
    - src/server/org/opends/server/util/ServerConstants.java
    - tests/staf-tests/functional-tests/shared/data/aci/aci_targattrfilter/add_aci18.ldif
    - tests/staf-tests/build.bat
    
    An incorrect header mentioning "exclude" instead of "include" in the copyright header existed for: tests/staf-tests/functional-tests/testcases/backends/backup/**/*
    
    Some files have no copyright headers at all. I did not update them. Here are some of them (more exist):
    - tests/staf-tests/functional-tests/shared/data/core/psearch/**/*.ref
    - tests/staf-tests/functional-tests/shared/data/core/psearch/**/delete.ldif
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@9984 41b1ffd8-f28e-4786-ab96-9950f0a78031
    JnRouvignac
     

31 Jul, 2013

1 commit


25 Jul, 2013

1 commit

  • This commit addresses information disclosure for:
    
    - result code: change from info disclosing result codes to a default result code that hides the ACI-protected info to the current operation.
    - error message (additional information): any message containing the entryDN will be filtered out if the entryDN is ACI-protected.
    - matchedDN: check whether the matchedDN is ACI-protected
    - debugsearchindex
    
    
    Information disclosing result code and error message are now saved as masked result code and masked message and are logged as such when they are present.
    
    
    
    config.ldif:
    Added "debugsearchindex" to an ACI to prevent Anonymous Read Access. If this is not enough, then we would need to create a new ACI.
    
    
    AccessControlHandler.java:
    Added canDiscloseInformation().
    
    Operation.java, AbstractOperation.java, OperationWrapper.java:
    Added getMaskedResultCode(), setMaskedResultCode(), getMaskedErrorMessage(), setMaskedErrorMessage(), appendMaskedErrorMessage().
    In setResponseData(), copied the masked result code and error message.
    
    DirectoryException.java:
    Added getMaskedResultCode(), setMaskedResultCode(), getMaskedErrorMessage(), setMaskedErrorMessage().
    
    LocalBackendWorkflowElement.java:
    Used javadocs.
    Created method newDirectoryException(), setResultCodeAndMessageNoInfoDisclosure() and filterNonDisclosableMatchedDN().
    
    LocalBackend*Operation.java:
    Added setResultCodeAndMessageNoInfoDisclosure() and newDirectoryException() forwarding to the corresponding LocalBackendWorkflowElement methods + extensively made use of these methods.
    In processLocal*() methods, added a try/finally to call LocalBackendWorkflowElement.filterNonDisclosableMatchedDN().
    Moved some blocks of code under the protection of try/catch blocks to ensure proper error handling when calling the exception throwing setResultCodeAndMessageNoInfoDisclosure() + as a consequence, moved some null checks to the finally blocks.
    Removed some try/catch duplicating outer try/catch blocks.
    
    LocalBackendModifyOperation.java:
    In processLocalModify(), removed try/catch around checkWritability() because catch is duplicated with outer try/catch.
    Used StaticUtils.collectionToString().
    
    TextAccessLogPublisher.java:
    Renamed appendMessage() into appendResultCodeAndMessage() + integrated there logging of "result" + added logging of "maskedResult" and "maskedMessage".
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@9289 41b1ffd8-f28e-4786-ab96-9950f0a78031
    JnRouvignac
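
The masking flow this commit message describes, as an added example (a Python model, not OpenDJ code): the client gets a default result, the real outcome is kept as masked fields for the access log, and matchedDN is checked on its own. The commit does not name the default code, so noSuchObject (32) is an assumption here, as are `build_result()`, `access_log_fields()`, the `PROTECTED` set and the sample DNs.

```python
from dataclasses import dataclass
from typing import Optional

NO_SUCH_OBJECT = 32        # LDAP noSuchObject; assumed default shown to clients
ENTRY_ALREADY_EXISTS = 68  # LDAP entryAlreadyExists

# Constructed stand-in for the ACI decision (canDiscloseInformation()).
PROTECTED = {"ou=people,dc=example,dc=com",
             "uid=ceo,ou=people,dc=example,dc=com"}

def can_disclose(dn: str) -> bool:
    return dn not in PROTECTED

@dataclass
class Result:
    code: int
    message: str
    matched_dn: Optional[str] = None
    masked_code: Optional[int] = None     # real code, for the access log only
    masked_message: Optional[str] = None  # real message, for the access log only

def build_result(entry_dn: str, code: int, message: str,
                 matched_dn: Optional[str] = None) -> Result:
    """Return what the client may see; keep the real outcome as masked fields."""
    if can_disclose(entry_dn):
        result = Result(code, message, matched_dn)
    else:
        # Answer as if the entry did not exist, so its presence is not revealed.
        result = Result(NO_SUCH_OBJECT, "No such entry", None,
                        masked_code=code, masked_message=message)
    # matchedDN names an existing ancestor, so it needs its own check.
    if result.matched_dn is not None and not can_disclose(result.matched_dn):
        result.matched_dn = None
    return result

def access_log_fields(result: Result) -> dict:
    """Log the client-visible result, plus the masked one when present."""
    fields = {"result": result.code, "message": result.message}
    if result.masked_code is not None:
        fields["maskedResult"] = result.masked_code
        fields["maskedMessage"] = result.masked_message
    return fields
```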
     

11 Jun, 2013

1 commit


27 May, 2013

2 commits


24 May, 2013

1 commit


13 May, 2013

1 commit

  • Added support for monitoring statistics of the HTTP connection handler:
    It monitors: total number of requests, and number of delete, get, patch, post and put requests.
    It also monitors the internal LDAP operations to display how the server is performing.
    
    
    HTTPConnectionHandler.java, HTTPClientConnection.java, CollectClientConnectionsFilter.java, SdkConnectionAdapter.java:
    Added support for statistics.
    
    config.ldif, HTTPConnectionHandlerConfiguration.xml, HTTPConnectionHandlerCfgDefn.properties:
    Added "keep-stats" property.
    
    02-config.ldif:
    Added attributes "ds-mon-http-*" for monitoring HTTP statistics.
    
    LDAPStatistics.java:
    Changed getMonitorData() return type to List.
    Made createAttribute protected.
    
    HTTPStatsProbe.java, HTTPStatistics.java: ADDED
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@8859 41b1ffd8-f28e-4786-ab96-9950f0a78031
    JnRouvignac
     

07 May, 2013

1 commit


03 May, 2013

1 commit

  • 
    
    Implemented the HTTP access logger by taking inspiration from other loggers.
    Configured the new logger everywhere other loggers are configured.
    Logged the HTTP request in several places to cover all cases (happy paths, errors, etc.).
    
    
    
    config.ldif, 02-config.ldif, HTTPAccessLogPublisherConfiguration.xml, FileBasedHTTPAccessLogPublisherConfiguration.xml, HTTPAccessLogPublisherCfgDefn.properties, FileBasedHTTPAccessLogPublisherCfgDefn.properties: ADDED
    Added 2 new objectClasses HTTPAccessLogPublisherConfiguration and FileBasedHTTPAccessLogPublisherConfiguration.
    
    config.properties:
    Added new error messages for the HTTP access logger.
    
    HTTPAccessLogger.java, HTTPAccessLogPublisher.java, TextHTTPAccessLogPublisher.java, HTTPRequestInfo.java: ADDED
    HTTPRequestInfo.log() prevents double logging.
    
    CollectClientConnectionsFilter.java:
    Logged the request info when HttpServletResponse.setStatus(), sendAuthenticationFailure() and onFailure() are called.
    Pushed more data to the HTTPRequestContext + switched to use the more specific HttpServletRequest/HttpServletResponse
    
    SdkConnectionAdapter.java:
    Logged the request info when close() is called.
    
    LoggerConfigManager.java, TestCaseUtils.java:
    Configured the HTTP access logger.
    
    InProcessServerController.java: TO BE REMOVED (by Matt on the native packaging branch)
    
    
    
    Sample log:
    localhost bjensen [03/May/2013:10:14:54 +0200] "GET /users/_queryFilter=true&_prettyPrint=true HTTP/1.1" 500 "curl/7.27.0"
    localhost bjensen [03/May/2013:10:15:05 +0200] "GET /users/_queryFilter=true&_prettyPrint=true HTTP/1.1" 200 "curl/7.27.0"
    localhost  [03/May/2013:10:15:14 +0200] "GET /users/_queryFilter=true&_prettyPrint=true HTTP/1.1" 200 "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0"
    localhost  [03/May/2013:10:16:40 +0200] "GET /users/_queryFilter=true&_prettyPrint=true HTTP/1.1" 401 "curl/7.27.0"
    localhost  [03/May/2013:10:16:50 +0200] "GET /users/_queryFilter=true&_prettyPrint=true HTTP/1.1" 200 "curl/7.27.0"
    localhost  [03/May/2013:10:16:51 +0200] "GET /favicon.ico/null HTTP/1.1" 404 "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0"
    localhost  [03/May/2013:10:17:10 +0200] "GET /users/_queryFilter=true&_prettyPrint=true HTTP/1.1" 200 "curl/7.27.0"
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@8832 41b1ffd8-f28e-4786-ab96-9950f0a78031
    JnRouvignac
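
A parser for the log layout shown in the sample above, as an added example that is not part of the commit or of OpenDJ. The layout is inferred from those lines only; `parse_line()` and `summarize()` are hypothetical names, and the last entry of `SAMPLE` is constructed to show a rejected line.

```python
import re
from collections import Counter
from datetime import datetime

# Layout inferred from the sample: host user [time] "request" status "agent".
# The user field is empty for unauthenticated requests (two spaces after the
# host), so splitting on whitespace would shift every later field.
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<user>\S*) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<protocol>[^"]+)" '
    r'(?P<status>\d{3}) "(?P<agent>[^"]*)"$'
)

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    record = match.groupdict()
    record["user"] = record["user"] or None  # None means unauthenticated
    record["status"] = int(record["status"])
    record["time"] = datetime.strptime(record["time"], "%d/%b/%Y:%H:%M:%S %z")
    return record

def summarize(lines):
    """Count (user, status) pairs and collect lines the pattern rejects."""
    counts, rejected = Counter(), []
    for line in lines:
        record = parse_line(line)
        if record is None:
            rejected.append(line)
        else:
            counts[(record["user"], record["status"])] += 1
    return counts, rejected

# The first four lines are copied from the sample log; the last is constructed.
SAMPLE = [
    'localhost bjensen [03/May/2013:10:14:54 +0200] "GET /users/_queryFilter=true&_prettyPrint=true HTTP/1.1" 500 "curl/7.27.0"',
    'localhost bjensen [03/May/2013:10:15:05 +0200] "GET /users/_queryFilter=true&_prettyPrint=true HTTP/1.1" 200 "curl/7.27.0"',
    'localhost  [03/May/2013:10:16:40 +0200] "GET /users/_queryFilter=true&_prettyPrint=true HTTP/1.1" 401 "curl/7.27.0"',
    'localhost  [03/May/2013:10:16:51 +0200] "GET /favicon.ico/null HTTP/1.1" 404 "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0"',
    'localhost bjensen [03/May/2013:10:18:00 +0200] "GET /users',
]
```

Grouping on `(user, status)` keeps anonymous 401 responses separate from failures seen by an authenticated user, and the rejected list shows lines the pattern did not cover.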
     

12 Apr, 2013

1 commit

  • Added the possibility for the HTTP Connection Handler to accept unauthenticated requests.
    
    CollectClientConnectionsFilter.java:
    Extracted method getAuthenticationInfo() and added support for unauthenticated requests here.
    
    CollectClientConnectionsFilterTest.java:
    Added tests.
    
    HTTPConnectionHandler.java:
    Added acceptUnauthenticatedRequests().
    
    config.ldif, 02-config.ldif, HTTPConnectionHandlerConfiguration.xml, HTTPConnectionHandlerCfgDefn.properties:
    Added property 'ds-cfg-authentication-required' with default 'true' to HTTP Connection Handler
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@8733 41b1ffd8-f28e-4786-ab96-9950f0a78031
    JnRouvignac
     

11 Apr, 2013

1 commit


08 Apr, 2013

1 commit


04 Apr, 2013

1 commit


25 Mar, 2013

1 commit

  • Added support for using the Rest2LDAP servlet from OpenDJ HTTPConnectionHandler.
    
    
    
    HTTPConnectionHandler.java:
    Added support for using the Rest2LDAP servlet + removed the FakeServlet.
    Added the JSON_MAPPER constant to parse the JSON config file for Rest2LDAP.
    Added getClientConnectionsMap() getter.
    Added getConnectionFactory() method, heavily inspired from org.forgerock.opendj.rest2ldap.servlet.Rest2LDAPConnectionFactoryProvider.getConnectionFactory().
    In startHttpServer(), silenced Grizzly logging + set the IOThreadStrategy to be single threaded + changed the access path to the servlet.
    
    CollectClientConnectionsFilter.java:
    Added support for using the Rest2LDAP servlet.
    Removed clientConnections instance member, now get this value from the HTTPConnectionHandler.
    
    config.ldif, 02-config.ldif, HTTPConnectionHandlerConfiguration.xml, HTTPConnectionHandlerCfgDefn.properties:
    Added ds-cfg-config-file property to ds-cfg-http-connection-handler objectClass.
    
    http-config.json: ADDED (copied from opendj-rest2ldap-servlet project)
    
    
    ivy.xml:
    Added dependencies to Rest2LDAP.
    
    ivysettings.xml:
    Added support for updating SNAPSHOTS.
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@8638 41b1ffd8-f28e-4786-ab96-9950f0a78031
    JnRouvignac
     

20 Mar, 2013

2 commits

  • git-svn-id: https://svn.forgerock.org/opendj/trunk@8620 41b1ffd8-f28e-4786-ab96-9950f0a78031
    ludo
     
  • Added the HTTPConnectionHandler implemented using Grizzly.
    Added support for all configuration similar to the LDAPConnectionHandler.
    Missing support for ds-cfg-keep-stats and ds-cfg-num-request-handlers.
    
    
    config.ldif, 02-config.ldif:
    Added new entry for HTTP connection handler + defaults.
    
    HTTPConnectionHandlerCfgDefn.properties, HTTPConnectionHandlerConfiguration.xml: ADDED
    
    LDAPConnectionHandlerConfiguration.xml:
    Moved properties common to HTTPConnectionHandlerConfiguration.xml to Package.xml .
    
    protocol*.properties:
    Merged protocol messages between LDAP, HTTP and JMX. Made them non LDAP specific.
    Added 2 new protocol messages for HTTP.
    
    
    CollectClientConnectionsFilter.java, HTTPClientConnection.java, HTTPConnectionHandler.java, package-info.java: ADDED
    
    JmxClientConnection.java, JmxConnectionHandler.java, LDAPClientConnection.java:
    Used common protocol messages.
    
    LDAPConnectionHandler.java:
    Used common protocol messages.
    Extracted method configureSSL()
    Simplified the code in getEnabledSSLCipherSuites() and getEnabledSSLProtocols() and protected against a multi threaded change of the SSL engine by using a local copy.
    
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@8613 41b1ffd8-f28e-4786-ab96-9950f0a78031
    JnRouvignac
     

20 Feb, 2013

1 commit


19 Dec, 2012

1 commit


18 Dec, 2012

1 commit


22 Sep, 2012

1 commit


10 Aug, 2012

1 commit


07 Aug, 2012

1 commit


11 May, 2012

1 commit

  • A huge thanks to Manuel Gaupp for this contribution.
    
    In addition to the original contributed change I have made the following alterations:
    
    * make the CertificateSyntax strictness configurable. By default the syntax will enforce the syntax, but this can be disabled if needed
    
    * add a new method "isHumanReadable" to AttributeSyntax and AttributeType classes in order to make it easier to determine whether or not a syntax/type is human readable. This can be used in order to determine whether or not an attribute value can be included in log messages, for example.
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@7979 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew
     

19 Mar, 2012

1 commit


23 Feb, 2012

1 commit


12 Dec, 2011

1 commit


03 Nov, 2011

1 commit


02 Nov, 2011

1 commit


25 Oct, 2011

1 commit


19 Oct, 2011

1 commit


11 Oct, 2011

1 commit


18 Aug, 2011

1 commit

  • Refactor PasswordPolicy implementation so that we now have a common parent type, "AuthenticationPolicy", which will act as a common entry point for all authentication policies. In particular, password policies can be thought of as a specific type of authentication policy: one where authentication and the user's credentials are managed locally. PTA can be thought of as a non-local authentication policy: the password is managed by a third party.
    
    With this change we still only have one type of authentication policy and no attempt has been made to refactor code which uses it. More specifically, code such as the local backend WFE just type-casts the authentication policy to a password policy.
    
    Another implication of this change is that sub-entry based password policies now automatically inherit run-time changes made to the default password policy, whereas before a server restart was required.
    
    
    git-svn-id: https://svn.forgerock.org/opendj/trunk@7192 41b1ffd8-f28e-4786-ab96-9950f0a78031
    matthew
     

09 Jun, 2011

2 commits


06 Jun, 2011

1 commit


17 May, 2011

1 commit


02 Feb, 2011

1 commit


26 Nov, 2010

1 commit