Repository: karaf Updated Branches: refs/heads/karaf-4.0.x 48b067cde -> 69b067608
[KARAF-4871] LDAPLoginModule allows non defined role filter. Thanks to Colm O hEigeartaigh. Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/69b06760 Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/69b06760 Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/69b06760 Branch: refs/heads/karaf-4.0.x Commit: 69b06760856948e23b9cba7589de99c41ae6f85b Parents: 48b067c Author: Jean-Baptiste Onofré <jbono...@apache.org> Authored: Thu Dec 1 15:44:06 2016 +0100 Committer: Jean-Baptiste Onofré <jbono...@apache.org> Committed: Thu Dec 1 15:46:30 2016 +0100 ---------------------------------------------------------------------- .../karaf/jaas/modules/ldap/LDAPCache.java | 87 +++++++++++--------- 1 file changed, 47 insertions(+), 40 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/karaf/blob/69b06760/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java ---------------------------------------------------------------------- diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java index 203eb66..f80af8c 100644 --- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java +++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java @@ -124,11 +124,13 @@ public class LDAPCache implements Closeable, NamespaceChangeListener, ObjectChan eventContext.addNamingListener(options.getUserBaseDn(), filter, constraints, this); filter = options.getRoleFilter(); - filter = filter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement("*")); - filter = filter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement("*")); - filter = filter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement("*")); - filter = filter.replace("\\", "\\\\"); - eventContext.addNamingListener(options.getRoleBaseDn(), filter, constraints, this); + if (filter != null) { + filter = filter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement("*")); + filter = filter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement("*")); + filter = filter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement("*")); + filter = filter.replace("\\", "\\\\"); + eventContext.addNamingListener(options.getRoleBaseDn(), filter, constraints, this); + } } return context; @@ -238,50 +240,55 @@ public class LDAPCache implements Closeable, NamespaceChangeListener, ObjectChan } String filter = options.getRoleFilter(); - filter = filter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement(user)); - filter = filter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement(userDn)); - filter = filter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement(userDnNamespace)); - filter = filter.replace("\\", "\\\\"); + if (filter != null) { + filter = filter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement(user)); + filter = filter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement(userDn)); + filter = filter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement(userDnNamespace)); + filter = filter.replace("\\", "\\\\"); - LOGGER.debug("Looking for the user roles in LDAP with "); - LOGGER.debug(" base DN: " + options.getRoleBaseDn()); - LOGGER.debug(" filter: " + filter); + LOGGER.debug("Looking for the user roles in LDAP with "); + LOGGER.debug(" base DN: " + options.getRoleBaseDn()); + LOGGER.debug(" filter: " + filter); - NamingEnumeration namingEnumeration = context.search(options.getRoleBaseDn(), filter, controls); - try { - List<String> rolesList = new ArrayList<>(); - while (namingEnumeration.hasMore()) { - SearchResult result = (SearchResult) namingEnumeration.next(); - Attributes attributes = result.getAttributes(); - Attribute roles1 = attributes.get(options.getRoleNameAttribute()); - if (roles1 != null) { - for (int i = 0; i < roles1.size(); i++) { - String role = (String) roles1.get(i); - if (role != null) { - LOGGER.debug("User {} is a member of role {}", user, role); - // handle role mapping - Set<String> roleMappings = tryMappingRole(role); - if (roleMappings.isEmpty()) { - rolesList.add(role); - } else { - for (String roleMapped : roleMappings) { - rolesList.add(roleMapped); + NamingEnumeration namingEnumeration = context.search(options.getRoleBaseDn(), filter, controls); + try { + List<String> rolesList = new ArrayList<>(); + while (namingEnumeration.hasMore()) { + SearchResult result = (SearchResult) namingEnumeration.next(); + Attributes attributes = result.getAttributes(); + Attribute roles1 = attributes.get(options.getRoleNameAttribute()); + if (roles1 != null) { + for (int i = 0; i < roles1.size(); i++) { + String role = (String) roles1.get(i); + if (role != null) { + LOGGER.debug("User {} is a member of role {}", user, role); + // handle role mapping + Set<String> roleMappings = tryMappingRole(role); + if (roleMappings.isEmpty()) { + rolesList.add(role); + } else { + for (String roleMapped : roleMappings) { + rolesList.add(roleMapped); + } } } } } - } - } - return rolesList.toArray(new String[rolesList.size()]); - } finally { - if (namingEnumeration != null) { - try { - namingEnumeration.close(); - } catch (NamingException e) { - // Ignore + } + return rolesList.toArray(new String[rolesList.size()]); + } finally { + if (namingEnumeration != null) { + try { + namingEnumeration.close(); + } catch (NamingException e) { + // Ignore + } } } + } else { + LOGGER.debug("The user role filter is null so no roles are retrieved"); + return new String[] {}; } }