Repository: activemq Updated Branches: refs/heads/activemq-5.9 196f261ea -> c1fc98a05
AMQ-4685: Improved LDAPLoginModule to support ldap alias when result is absolute. Thanks to Igor Podolskiy for patch. Project: http://git-wip-us.apache.org/repos/asf/activemq/repo Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/afc0f938 Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/afc0f938 Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/afc0f938 Branch: refs/heads/activemq-5.9 Commit: afc0f938ea11b8a854d15b12612a1d49c74f9ffc Parents: 196f261 Author: Claus Ibsen <[email protected]> Authored: Sat Nov 2 14:51:09 2013 +0100 Committer: Hadrian Zbarcea <[email protected]> Committed: Wed Mar 12 08:29:45 2014 -0400 ---------------------------------------------------------------------- .../apache/activemq/jaas/LDAPLoginModule.java | 46 +++++++++++++++++--- .../src/test/resources/log4j.properties | 1 + 2 files changed, 40 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/activemq/blob/afc0f938/activemq-jaas/src/main/java/org/apache/activemq/jaas/LDAPLoginModule.java ---------------------------------------------------------------------- diff --git a/activemq-jaas/src/main/java/org/apache/activemq/jaas/LDAPLoginModule.java b/activemq-jaas/src/main/java/org/apache/activemq/jaas/LDAPLoginModule.java index 4bced65..7dc6326 100644 --- a/activemq-jaas/src/main/java/org/apache/activemq/jaas/LDAPLoginModule.java +++ b/activemq-jaas/src/main/java/org/apache/activemq/jaas/LDAPLoginModule.java @@ -17,6 +17,8 @@ package org.apache.activemq.jaas; import java.io.IOException; +import java.net.URI; +import java.net.URISyntaxException; import java.security.Principal; import java.text.MessageFormat; import java.util.*; @@ -225,13 +227,43 @@ public class LDAPLoginModule implements LoginModule { if (results.hasMore()) { // ignore for now } - NameParser parser = context.getNameParser(""); - Name contextName = parser.parse(context.getNameInNamespace()); - Name baseName = parser.parse(getLDAPPropertyValue(USER_BASE)); - Name entryName = parser.parse(result.getName()); - Name name = contextName.addAll(baseName); - name = name.addAll(entryName); - String dn = name.toString(); + + String dn; + if (result.isRelative()) { + log.debug("LDAP returned a relative name: {}", result.getName()); + + NameParser parser = context.getNameParser(""); + Name contextName = parser.parse(context.getNameInNamespace()); + Name baseName = parser.parse(getLDAPPropertyValue(USER_BASE)); + Name entryName = parser.parse(result.getName()); + Name name = contextName.addAll(baseName); + name = name.addAll(entryName); + dn = name.toString(); + } else { + log.debug("LDAP returned an absolute name: {}", result.getName()); + + try { + URI uri = new URI(result.getName()); + String path = uri.getPath(); + + if (path.startsWith("/")) { + dn = path.substring(1); + } else { + dn = path; + } + } catch (URISyntaxException e) { + if (context != null) { + close(context); + } + FailedLoginException ex = new FailedLoginException("Error parsing absolute name as URI."); + ex.initCause(e); + throw ex; + } + } + + if (log.isDebugEnabled()) { + log.debug("Using DN [" + dn + "] for binding."); + } Attributes attrs = result.getAttributes(); if (attrs == null) { http://git-wip-us.apache.org/repos/asf/activemq/blob/afc0f938/activemq-jaas/src/test/resources/log4j.properties ---------------------------------------------------------------------- diff --git a/activemq-jaas/src/test/resources/log4j.properties b/activemq-jaas/src/test/resources/log4j.properties index 18cee24..5d00c97 100644 --- a/activemq-jaas/src/test/resources/log4j.properties +++ b/activemq-jaas/src/test/resources/log4j.properties @@ -21,6 +21,7 @@ log4j.rootLogger=INFO, out, stdout log4j.logger.org.apache.activemq=INFO +#log4j.logger.org.apache.activemq.jaas.LDAPLoginModule=DEBUG # CONSOLE appender not used by default log4j.appender.stdout=org.apache.log4j.ConsoleAppender
