Description
If one tries to run the prescriptive ACI example from the documentation at
http://directory.apache.org/subprojects/apacheds/docs/users/enablesearchforallusers.html
the server barfs with the following message:
[13:23:58] WARN [org.apache.directory.server.core.authz.TupleCache] - ACIItem parser failure on 'null'. Cannnot add ACITuples to TupleCache.
java.text.ParseException: Parser failure on ACIItem:
{ identificationTag "enableSearchForAllUsers", precedence 14, authenticationLevel simple, itemOrUserFirst userFirst: {
userClasses
{
protectedItems {entry, allUserAttributeTypesAndValues},
grantsAndDenials { grantRead, grantReturnDN, grantBrowse }
}
}
} }
Antlr exception trace:
unexpected char: 0x0A
at org.apache.directory.shared.ldap.aci.ACIItemParser.parse(ACIItemParser.java:118)
at org.apache.directory.server.core.authz.TupleCache.subentryAdded(TupleCache.java:166)
at org.apache.directory.server.core.authz.AuthorizationService.add(AuthorizationService.java:348)
at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1175)
at org.apache.directory.server.core.referral.ReferralService.add(ReferralService.java:256)
at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1175)
at org.apache.directory.server.core.authn.AuthenticationService.add(AuthenticationService.java:192)
at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.add(InterceptorChain.java:1175)
at org.apache.directory.server.core.normalization.NormalizationService.add(NormalizationService.java:89)
at org.apache.directory.server.core.interceptor.InterceptorChain.add(InterceptorChain.java:700)
at org.apache.directory.server.core.partition.DirectoryPartitionNexusProxy.add(DirectoryPartitionNexusProxy.java:308)
at org.apache.directory.server.core.partition.DirectoryPartitionNexusProxy.add(DirectoryPartitionNexusProxy.java:296)
at org.apache.directory.server.core.jndi.ServerDirContext.createSubcontext(ServerDirContext.java:351)
at org.apache.directory.server.core.jndi.ServerDirContext.createSubcontext(ServerDirContext.java:319)
at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:178)
at org.apache.directory.server.ldap.support.AddHandler.messageReceived(AddHandler.java:75)
at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:128)
at org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler.messageReceived(LdapProtocolProvider.java:431)
at org.apache.mina.common.support.AbstractIoFilterChain$2.messageReceived(AbstractIoFilterChain.java:189)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:494)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1000(AbstractIoFilterChain.java:52)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:761)
at org.apache.mina.filter.LoggingFilter.messageReceived(LoggingFilter.java:87)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:494)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1000(AbstractIoFilterChain.java:52)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:761)
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:91)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:494)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1000(AbstractIoFilterChain.java:52)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:761)
at org.apache.mina.filter.ThreadPoolFilter.processEvent(ThreadPoolFilter.java:665)
at org.apache.mina.filter.ThreadPoolFilter$Worker.processEvents(ThreadPoolFilter.java:421)
at org.apache.mina.filter.ThreadPoolFilter$Worker.run(ThreadPoolFilter.java:376)
If all \n characters are removed from the example like this:
subentry
.put(
"prescriptiveACI",
"{"
+ " identificationTag \"enableSearchForAllUsers\","
+ " precedence 14,"
+ " authenticationLevel simple,"
+ " itemOrUserFirst userFirst: "
+ " { "
+ " userClasses { allUsers }
, "
+ " userPermissions "
+ " { "
+ " { "
+ " protectedItems
, "
+ " grantsAndDenials
"
+ " } } } }");
the example works as expected.