Repository: karaf Updated Branches: refs/heads/master 0e03f5cf0 -> 991903641
[KARAF-4989] Improve parsing of role.mapping option in JAAS LDAP Login Module in order to support FQDN Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/f18cad5b Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/f18cad5b Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/f18cad5b Branch: refs/heads/master Commit: f18cad5bf0cd9ab0ca9b6f9995943f4abea5cb40 Parents: 0e03f5c Author: Andrea Tarocchi <[email protected]> Authored: Thu Feb 16 13:53:06 2017 +0000 Committer: Jean-Baptiste Onofré <[email protected]> Committed: Fri Feb 24 11:10:37 2017 +0100 ---------------------------------------------------------------------- .../karaf/jaas/modules/ldap/LDAPOptions.java | 6 +-- .../jaas/modules/ldap/LdapLoginModuleTest.java | 50 ++++++++++++++++++++ .../karaf/jaas/modules/ldap/example.com.ldif | 2 +- .../modules/ldap/example.com_with_escapes.ldif | 1 + 4 files changed, 55 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/karaf/blob/f18cad5b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java ---------------------------------------------------------------------- diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java index 24c28ad..c0bd75b 100644 --- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java +++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java 
@@ -125,9 +125,9 @@ public class LDAPOptions {
 LOGGER.debug("Parse role mapping {}", option);
 String[] mappings = option.split(";");
 for (String mapping : mappings) {
- String[] map = mapping.split("=", 2);
- String ldapRole = map[0].trim();
- String[] karafRoles = map[1].split(",");
+ int index = mapping.lastIndexOf("=");
+ String ldapRole = mapping.substring(0,index).trim();
+ String[] karafRoles = mapping.substring(index+1).split(",");
 if (roleMapping.get(ldapRole) == null) {
 roleMapping.put(ldapRole, new HashSet<String>());
 }
http://git-wip-us.apache.org/repos/asf/karaf/blob/f18cad5b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
----------------------------------------------------------------------
diff --git a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
index ff51a31..e93c0dd 100644
--- a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
+++ b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/ldap/LdapLoginModuleTest.java
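Review bot: The new `int index = mapping.lastIndexOf("=");` line has no guard for a mapping entry without any `=` (an empty token from `;;` in `role.mapping`, or a typo), in which case `mapping.substring(0,index)` throws a StringIndexOutOfBoundsException and the authorization configuration fails with an opaque error instead of a clear one; the removed `map[1]` had the same weakness, so this is not a regression, but it is the place to fix it. I would add, right after the `lastIndexOf` line, `if (index < 0) { throw new IllegalArgumentException("Invalid role.mapping entry, expected ldapRole=karafRole[,karafRole]: " + mapping); }` (or log and skip, whichever the rest of this parser does for malformed entries — its method header is outside the hunk). Splitting on the last `=` also means a Karaf role list that itself contains `=` is silently folded into the LDAP role name rather than rejected, so the trade-off deserves a why-comment on that line: `// split on the last '=' so the LDAP side may be a full DN containing '=' (KARAF-4989); Karaf role names must therefore not contain '='`. Since the resulting map decides which Karaf roles a directory group grants, failing fast on a malformed entry is preferable to partially applying the mapping.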
@@ -438,5 +438,55 @@ public class LdapLoginModuleTest extends AbstractLdapTestUnit { assertTrue(module.logout()); assertEquals("Principals should be gone as the user has logged out", 0, subject.getPrincipals().size()); } + + @Test + public void testRoleMappingFqdn() throws Exception { + Properties options = ldapLoginModuleOptions(); + options.put(LDAPOptions.ROLE_MAPPING, "cn=admin,ou=groups,dc=example,dc=com=karaf;cn=admin,ou=mygroups,dc=example,dc=com=another"); + options.put(LDAPOptions.ROLE_BASE_DN, "ou=groups,dc=example,dc=com"); + options.put(LDAPOptions.ROLE_SEARCH_SUBTREE, "true"); + options.put(LDAPOptions.ROLE_FILTER, "(member=%fqdn)"); + options.put(LDAPOptions.ROLE_NAME_ATTRIBUTE, "description"); + LDAPLoginModule module = new LDAPLoginModule(); + CallbackHandler cb = new CallbackHandler() { + public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { + for (Callback cb : callbacks) { + if (cb instanceof NameCallback) { + ((NameCallback) cb).setName("admin"); + } else if (cb instanceof PasswordCallback) { + ((PasswordCallback) cb).setPassword("admin123".toCharArray()); + } + } + } + }; + Subject subject = new Subject(); + module.initialize(subject, cb, null, options); + + assertEquals("Precondition", 0, subject.getPrincipals().size()); + assertTrue(module.login()); + assertTrue(module.commit()); + + assertEquals(2, subject.getPrincipals().size()); + + final List<String> roles = new ArrayList<String>(Arrays.asList("karaf")); + + boolean foundUser = false; + boolean foundRole = false; + for (Principal principal : subject.getPrincipals()) { + if (principal instanceof UserPrincipal) { + assertEquals("admin", principal.getName()); + foundUser = true; + } else if (principal instanceof RolePrincipal) { + assertTrue(roles.remove(principal.getName())); + foundRole = true; + } + } + assertTrue(foundUser); + assertTrue(foundRole); + assertTrue(roles.isEmpty()); + + assertTrue(module.logout()); + assertEquals("Principals should be 
gone as the user has logged out", 0, subject.getPrincipals().size()); + } } http://git-wip-us.apache.org/repos/asf/karaf/blob/f18cad5b/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com.ldif ---------------------------------------------------------------------- diff --git a/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com.ldif b/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com.ldif index 39fa562..a437f46 100644 --- a/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com.ldif +++ b/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com.ldif @@ -34,6 +34,7 @@ dn: cn=admin,ou=groups,dc=example,dc=com objectClass: top objectClass: groupOfNames cn: admin +description: cn=admin,ou=groups,dc=example,dc=com member: cn=admin,ou=people,dc=example,dc=com dn: cn=admin,ou=people,dc=example,dc=com @@ -55,4 +56,3 @@ cn: cheese sn: cheese uid: cheese userPassword: foodie - http://git-wip-us.apache.org/repos/asf/karaf/blob/f18cad5b/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com_with_escapes.ldif ---------------------------------------------------------------------- diff --git a/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com_with_escapes.ldif b/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com_with_escapes.ldif index 3736aea..2f6cff3 100644 --- a/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com_with_escapes.ldif +++ b/jaas/modules/src/test/resources/org/apache/karaf/jaas/modules/ldap/example.com_with_escapes.ldif @@ -34,6 +34,7 @@ dn: cn=admin,ou=groups,dc=example,dc=com objectClass: top objectClass: groupOfNames cn: admin +description: cn=admin,ou=groups,dc=example,dc=com member: cn=admin\,\=\+\<\>#\;\\,ou=people,dc=example,dc=com dn: cn=admin\,\=\+\<\>#\;\\,ou=people,dc=example,dc=com
