This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push: new 5862cb9 Code clean-up. No functional change. 5862cb9 is described below commit 5862cb95edbeb75782c923619453affe4d47c614 Author: Mark Thomas <ma...@apache.org> AuthorDate: Fri Apr 9 16:56:25 2021 +0100 Code clean-up. No functional change. --- java/org/apache/catalina/realm/JNDIRealm.java | 676 +++++++++++--------------- 1 file changed, 290 insertions(+), 386 deletions(-) diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java index 1eedab6..e4ba051 100644 --- a/java/org/apache/catalina/realm/JNDIRealm.java +++ b/java/org/apache/catalina/realm/JNDIRealm.java @@ -181,7 +181,6 @@ import org.ietf.jgss.GSSName; */ public class JNDIRealm extends RealmBase { - // ----------------------------------------------------- Instance Variables /** @@ -194,19 +193,16 @@ public class JNDIRealm extends RealmBase { */ protected String connectionName = null; - /** * The connection password for the server we will contact. */ protected String connectionPassword = null; - /** * The connection URL for the server we will contact. */ protected String connectionURL = null; - /** * The JNDI context factory used to acquire our InitialContext. By * default, assumes use of an LDAP server using the standard JNDI LDAP @@ -214,7 +210,6 @@ public class JNDIRealm extends RealmBase { */ protected String contextFactory = "com.sun.jndi.ldap.LdapCtxFactory"; - /** * How aliases should be dereferenced during search operations. */ @@ -226,7 +221,6 @@ public class JNDIRealm extends RealmBase { */ public static final String DEREF_ALIASES = "java.naming.ldap.derefAliases"; - /** * Descriptive information about this Realm implementation. * @deprecated This will be removed in Tomcat 9 onwards. @@ -241,7 +235,6 @@ public class JNDIRealm extends RealmBase { */ protected String protocol = null; - /** * Should we ignore PartialResultExceptions when iterating over NamingEnumerations? * Microsoft Active Directory often returns referrals, which lead @@ -251,7 +244,6 @@ public class JNDIRealm extends RealmBase { */ protected boolean adCompat = false; - /** * How should we handle referrals? Microsoft Active Directory often returns * referrals. If you need to follow them set referrals to "follow". @@ -260,20 +252,17 @@ public class JNDIRealm extends RealmBase { */ protected String referrals = null; - /** * The base element for user searches. */ protected String userBase = ""; - /** * The message format used to search for a user, with "{0}" marking * the spot where the username goes. */ protected String userSearch = null; - /** * When searching for users, should the search be performed as the user * currently being authenticated? If false, {@link #connectionName} and @@ -282,13 +271,11 @@ public class JNDIRealm extends RealmBase { */ private boolean userSearchAsUser = false; - /** * Should we search the entire subtree for matching users? */ protected boolean userSubtree = false; - /** * The attribute name used to retrieve the user password. */ @@ -302,7 +289,6 @@ public class JNDIRealm extends RealmBase { */ protected String userRoleAttribute = null; - /** * A string of LDAP user patterns or paths, ":"-separated * These will be used to form the distinguished name of a @@ -313,7 +299,6 @@ public class JNDIRealm extends RealmBase { */ protected String[] userPatternArray = null; - /** * The message format used to form the distinguished name of a * user, with "{0}" marking the spot where the specified username @@ -321,26 +306,22 @@ public class JNDIRealm extends RealmBase { */ protected String userPattern = null; - /** * The base element for role searches. */ protected String roleBase = ""; - /** * The name of an attribute in the user's entry containing * roles for that user */ protected String userRoleName = null; - /** * The name of the attribute containing roles held elsewhere */ protected String roleName = null; - /** * The message format used to select roles for a user, with "{0}" marking * the spot where the distinguished name of the user goes. The "{1}" @@ -348,7 +329,6 @@ public class JNDIRealm extends RealmBase { */ protected String roleSearch = null; - /** * Should we search the entire subtree for matching memberships? */ @@ -383,7 +363,6 @@ public class JNDIRealm extends RealmBase { */ protected String commonRole = null; - /** * The timeout, in milliseconds, to use when trying to create a connection * to the directory. The default is 5000 (5 seconds). @@ -408,14 +387,12 @@ public class JNDIRealm extends RealmBase { */ protected int timeLimit = 0; - /** * Should delegated credentials from the SPNEGO authenticator be used if * available */ protected boolean useDelegatedCredential = true; - /** * The QOP that should be used for the connection to the LDAP server after * authentication. This value is used to set the @@ -473,31 +450,26 @@ public class JNDIRealm extends RealmBase { private boolean forceDnHexEscape = false; - /** * Non pooled connection to our directory server. */ protected JNDIConnection singleConnection = new JNDIConnection(); - /** * The lock to ensure single connection thread safety. */ protected final Lock singleConnectionLock = new ReentrantLock(); - /** * Connection pool. */ protected SynchronizedStack<JNDIConnection> connectionPool = null; - /** * The pool size limit. If 1, pooling is not used. */ protected int connectionPoolSize = 1; - /** * Whether to use context ClassLoader or default ClassLoader. * True means use context ClassLoader, and True is the default @@ -512,37 +484,35 @@ public class JNDIRealm extends RealmBase { return forceDnHexEscape; } + public void setForceDnHexEscape(boolean forceDnHexEscape) { this.forceDnHexEscape = forceDnHexEscape; } + /** * @return the type of authentication to use. */ public String getAuthentication() { - return authentication; - } + /** * Set the type of authentication to use. * * @param authentication The authentication */ public void setAuthentication(String authentication) { - this.authentication = authentication; - } + /** * @return the connection username for this Realm. */ public String getConnectionName() { - return this.connectionName; - } @@ -552,9 +522,7 @@ public class JNDIRealm extends RealmBase { * @param connectionName The new connection username */ public void setConnectionName(String connectionName) { - this.connectionName = connectionName; - } @@ -562,9 +530,7 @@ public class JNDIRealm extends RealmBase { * @return the connection password for this Realm. */ public String getConnectionPassword() { - return this.connectionPassword; - } @@ -574,9 +540,7 @@ public class JNDIRealm extends RealmBase { * @param connectionPassword The new connection password */ public void setConnectionPassword(String connectionPassword) { - this.connectionPassword = connectionPassword; - } @@ -584,9 +548,7 @@ public class JNDIRealm extends RealmBase { * @return the connection URL for this Realm. */ public String getConnectionURL() { - return this.connectionURL; - } @@ -596,9 +558,7 @@ public class JNDIRealm extends RealmBase { * @param connectionURL The new connection URL */ public void setConnectionURL(String connectionURL) { - this.connectionURL = connectionURL; - } @@ -606,9 +566,7 @@ public class JNDIRealm extends RealmBase { * @return the JNDI context factory for this Realm. */ public String getContextFactory() { - return this.contextFactory; - } @@ -618,11 +576,10 @@ public class JNDIRealm extends RealmBase { * @param contextFactory The new context factory */ public void setContextFactory(String contextFactory) { - this.contextFactory = contextFactory; - } + /** * @return the derefAliases setting to be used. */ @@ -630,33 +587,32 @@ public class JNDIRealm extends RealmBase { return derefAliases; } + /** * Set the value for derefAliases to be used when searching the directory. * * @param derefAliases New value of property derefAliases. */ public void setDerefAliases(java.lang.String derefAliases) { - this.derefAliases = derefAliases; + this.derefAliases = derefAliases; } + /** * @return the protocol to be used. */ public String getProtocol() { - return protocol; - } + /** * Set the protocol for this Realm. * * @param protocol The new protocol. */ public void setProtocol(String protocol) { - this.protocol = protocol; - } @@ -700,9 +656,7 @@ public class JNDIRealm extends RealmBase { * @return the base element for user searches. */ public String getUserBase() { - return this.userBase; - } @@ -712,9 +666,7 @@ public class JNDIRealm extends RealmBase { * @param userBase The new base element */ public void setUserBase(String userBase) { - this.userBase = userBase; - } @@ -722,9 +674,7 @@ public class JNDIRealm extends RealmBase { * @return the message format pattern for selecting users in this Realm. */ public String getUserSearch() { - return this.userSearch; - } @@ -753,9 +703,7 @@ public class JNDIRealm extends RealmBase { * @return the "search subtree for users" flag. */ public boolean getUserSubtree() { - return this.userSubtree; - } @@ -765,9 +713,7 @@ public class JNDIRealm extends RealmBase { * @param userSubtree The new search flag */ public void setUserSubtree(boolean userSubtree) { - this.userSubtree = userSubtree; - } @@ -775,7 +721,6 @@ public class JNDIRealm extends RealmBase { * @return the user role name attribute name for this Realm. */ public String getUserRoleName() { - return userRoleName; } @@ -786,9 +731,7 @@ public class JNDIRealm extends RealmBase { * @param userRoleName The new userRole name attribute name */ public void setUserRoleName(String userRoleName) { - this.userRoleName = userRoleName; - } @@ -796,9 +739,7 @@ public class JNDIRealm extends RealmBase { * @return the base element for role searches. */ public String getRoleBase() { - return this.roleBase; - } @@ -817,9 +758,7 @@ public class JNDIRealm extends RealmBase { * @return the role name attribute name for this Realm. */ public String getRoleName() { - return this.roleName; - } @@ -829,9 +768,7 @@ public class JNDIRealm extends RealmBase { * @param roleName The new role name attribute name */ public void setRoleName(String roleName) { - this.roleName = roleName; - } @@ -839,9 +776,7 @@ public class JNDIRealm extends RealmBase { * @return the message format pattern for selecting roles in this Realm. */ public String getRoleSearch() { - return this.roleSearch; - } @@ -870,9 +805,7 @@ public class JNDIRealm extends RealmBase { * @return the "search subtree for roles" flag. */ public boolean getRoleSubtree() { - return this.roleSubtree; - } @@ -882,18 +815,15 @@ public class JNDIRealm extends RealmBase { * @param roleSubtree The new search flag */ public void setRoleSubtree(boolean roleSubtree) { - this.roleSubtree = roleSubtree; - } + /** * @return the "The nested group search flag" flag. */ public boolean getRoleNested() { - return this.roleNested; - } @@ -903,9 +833,7 @@ public class JNDIRealm extends RealmBase { * @param roleNested The nested group search flag */ public void setRoleNested(boolean roleNested) { - this.roleNested = roleNested; - } @@ -913,9 +841,7 @@ public class JNDIRealm extends RealmBase { * @return the password attribute used to retrieve the user password. */ public String getUserPassword() { - return this.userPassword; - } @@ -925,9 +851,7 @@ public class JNDIRealm extends RealmBase { * @param userPassword The new password attribute */ public void setUserPassword(String userPassword) { - this.userPassword = userPassword; - } @@ -935,6 +859,7 @@ public class JNDIRealm extends RealmBase { return userRoleAttribute; } + public void setUserRoleAttribute(String userRoleAttribute) { this.userRoleAttribute = userRoleAttribute; } @@ -943,14 +868,10 @@ public class JNDIRealm extends RealmBase { * @return the message format pattern for selecting users in this Realm. */ public String getUserPattern() { - return this.userPattern; - } - - /** * Set the message format pattern for selecting users in this Realm. * This may be one simple pattern, or multiple patterns to be tried, @@ -978,9 +899,7 @@ public class JNDIRealm extends RealmBase { * @return Value of property alternateURL. */ public String getAlternateURL() { - return this.alternateURL; - } @@ -990,9 +909,7 @@ public class JNDIRealm extends RealmBase { * @param alternateURL New value of property alternateURL. */ public void setAlternateURL(String alternateURL) { - this.alternateURL = alternateURL; - } @@ -1000,9 +917,7 @@ public class JNDIRealm extends RealmBase { * @return the common role */ public String getCommonRole() { - return commonRole; - } @@ -1012,9 +927,7 @@ public class JNDIRealm extends RealmBase { * @param commonRole The common role */ public void setCommonRole(String commonRole) { - this.commonRole = commonRole; - } @@ -1022,9 +935,7 @@ public class JNDIRealm extends RealmBase { * @return the connection timeout. */ public String getConnectionTimeout() { - return connectionTimeout; - } @@ -1034,18 +945,15 @@ public class JNDIRealm extends RealmBase { * @param timeout The new connection timeout */ public void setConnectionTimeout(String timeout) { - this.connectionTimeout = timeout; - } + /** * @return the read timeout. */ public String getReadTimeout() { - return readTimeout; - } @@ -1055,9 +963,7 @@ public class JNDIRealm extends RealmBase { * @param timeout The new read timeout */ public void setReadTimeout(String timeout) { - this.readTimeout = timeout; - } @@ -1085,6 +991,7 @@ public class JNDIRealm extends RealmBase { return useDelegatedCredential; } + public void setUseDelegatedCredential(boolean useDelegatedCredential) { this.useDelegatedCredential = useDelegatedCredential; } @@ -1094,6 +1001,7 @@ public class JNDIRealm extends RealmBase { return spnegoDelegationQop; } + public void setSpnegoDelegationQop(String spnegoDelegationQop) { this.spnegoDelegationQop = spnegoDelegationQop; } @@ -1106,6 +1014,7 @@ public class JNDIRealm extends RealmBase { return useStartTls; } + /** * Flag whether StartTLS should be used when connecting to the ldap server * @@ -1117,6 +1026,7 @@ public class JNDIRealm extends RealmBase { this.useStartTls = useStartTls; } + /** * @return list of the allowed cipher suites when connections are made using * StartTLS @@ -1136,6 +1046,7 @@ public class JNDIRealm extends RealmBase { return this.cipherSuitesArray; } + /** * Set the allowed cipher suites when opening a connection using StartTLS. * The cipher suites are expected as a comma separated list. @@ -1147,6 +1058,7 @@ public class JNDIRealm extends RealmBase { this.cipherSuites = suites; } + /** * @return the connection pool size, or the default value 1 if pooling * is disabled @@ -1155,6 +1067,7 @@ public class JNDIRealm extends RealmBase { return connectionPoolSize; } + /** * Set the connection pool size * @param connectionPoolSize the new pool size @@ -1163,6 +1076,7 @@ public class JNDIRealm extends RealmBase { this.connectionPoolSize = connectionPoolSize; } + /** * @return name of the {@link HostnameVerifier} class used for connections * using StartTLS, or the empty string, if the default verifier @@ -1175,6 +1089,7 @@ public class JNDIRealm extends RealmBase { return this.hostnameVerifier.getClass().getCanonicalName(); } + /** * Set the {@link HostnameVerifier} to be used when opening connections * using StartTLS. An instance of the given class name will be constructed @@ -1191,6 +1106,7 @@ public class JNDIRealm extends RealmBase { } } + /** * @return the {@link HostnameVerifier} to use for peer certificate * verification when opening connections using StartTLS. @@ -1199,8 +1115,7 @@ public class JNDIRealm extends RealmBase { if (this.hostnameVerifier != null) { return this.hostnameVerifier; } - if (this.hostNameVerifierClassName == null - || hostNameVerifierClassName.equals("")) { + if (this.hostNameVerifierClassName == null || hostNameVerifierClassName.equals("")) { return null; } try { @@ -1220,6 +1135,7 @@ public class JNDIRealm extends RealmBase { } } + /** * Set the {@link SSLSocketFactory} to be used when opening connections * using StartTLS. An instance of the factory with the given name will be @@ -1233,6 +1149,7 @@ public class JNDIRealm extends RealmBase { this.sslSocketFactoryClassName = factoryClassName; } + /** * Set the ssl protocol to be used for connections using StartTLS. * @@ -1243,6 +1160,7 @@ public class JNDIRealm extends RealmBase { this.sslProtocol = protocol; } + /** * @return the list of supported ssl protocols by the default * {@link SSLContext} @@ -1256,12 +1174,14 @@ public class JNDIRealm extends RealmBase { } } + private Object constructInstance(String className) throws ReflectiveOperationException { Class<?> clazz = Class.forName(className); return clazz.getConstructor().newInstance(); } + /** * Sets whether to use the context or default ClassLoader. * True means use context ClassLoader. @@ -1272,6 +1192,7 @@ public class JNDIRealm extends RealmBase { useContextClassLoader = useContext; } + /** * Returns whether to use the context or default ClassLoader. * True means to use the context ClassLoader. @@ -1282,6 +1203,7 @@ public class JNDIRealm extends RealmBase { return useContextClassLoader; } + // ---------------------------------------------------------- Realm Methods /** @@ -1364,21 +1286,14 @@ public class JNDIRealm extends RealmBase { closePooledConnections(); // Return "not authenticated" for this request - if (containerLog.isDebugEnabled()) + if (containerLog.isDebugEnabled()) { containerLog.debug("Returning null principal."); + } return null; - } - } - // -------------------------------------------------------- Package Methods - - - // ------------------------------------------------------ Protected Methods - - /** * Return the Principal associated with the specified username and * credentials, if there is one; otherwise return <code>null</code>. @@ -1391,22 +1306,18 @@ public class JNDIRealm extends RealmBase { * * @exception NamingException if a directory server error occurs */ - public Principal authenticate(JNDIConnection connection, - String username, - String credentials) - throws NamingException { + public Principal authenticate(JNDIConnection connection, String username, String credentials) + throws NamingException { - if (username == null || username.equals("") - || credentials == null || credentials.equals("")) { - if (containerLog.isDebugEnabled()) + if (username == null || username.equals("") || credentials == null || credentials.equals("")) { + if (containerLog.isDebugEnabled()) { containerLog.debug("username null or empty: returning null principal."); + } return null; } if (userPatternArray != null) { - for (int curUserPattern = 0; - curUserPattern < userPatternArray.length; - curUserPattern++) { + for (int curUserPattern = 0; curUserPattern < userPatternArray.length; curUserPattern++) { // Retrieve user information User user = getUser(connection, username, credentials, curUserPattern); if (user != null) { @@ -1434,12 +1345,14 @@ public class JNDIRealm extends RealmBase { } else { // Retrieve user information User user = getUser(connection, username, credentials); - if (user == null) + if (user == null) { return null; + } // Check the user's credentials - if (!checkCredentials(connection.context, user, credentials)) + if (!checkCredentials(connection.context, user, credentials)) { return null; + } // Search for additional roles List<String> roles = getRoles(connection, user); @@ -1453,6 +1366,8 @@ public class JNDIRealm extends RealmBase { } + // ------------------------------------------------------ Protected Methods + /** * Return a User object containing information about the user * with the specified username, if found in the directory; @@ -1465,9 +1380,7 @@ public class JNDIRealm extends RealmBase { * * @see #getUser(JNDIConnection, String, String, int) */ - protected User getUser(JNDIConnection connection, String username) - throws NamingException { - + protected User getUser(JNDIConnection connection, String username) throws NamingException { return getUser(connection, username, null, -1); } @@ -1485,9 +1398,7 @@ public class JNDIRealm extends RealmBase { * * @see #getUser(JNDIConnection, String, String, int) */ - protected User getUser(JNDIConnection connection, String username, String credentials) - throws NamingException { - + protected User getUser(JNDIConnection connection, String username, String credentials) throws NamingException { return getUser(connection, username, credentials, -1); } @@ -1510,18 +1421,19 @@ public class JNDIRealm extends RealmBase { * @return the User object * @exception NamingException if a directory server error occurs */ - protected User getUser(JNDIConnection connection, String username, - String credentials, int curUserPattern) - throws NamingException { + protected User getUser(JNDIConnection connection, String username, String credentials, int curUserPattern) + throws NamingException { User user = null; // Get attributes to retrieve from user entry - ArrayList<String> list = new ArrayList<>(); - if (userPassword != null) + List<String> list = new ArrayList<>(); + if (userPassword != null) { list.add(userPassword); - if (userRoleName != null) + } + if (userRoleName != null) { list.add(userRoleName); + } if (userRoleAttribute != null) { list.add(userRoleAttribute); } @@ -1553,8 +1465,7 @@ public class JNDIRealm extends RealmBase { if (userPassword == null && credentials != null && user != null) { // The password is available. Insert it since it may be required for // role searches. - return new User(user.getUserName(), user.getDN(), credentials, - user.getRoles(), user.getUserRoleId()); + return new User(user.getUserName(), user.getDN(), credentials, user.getRoles(), user.getUserRoleId()); } return user; @@ -1574,11 +1485,8 @@ public class JNDIRealm extends RealmBase { * @return the User object * @exception NamingException if a directory server error occurs */ - protected User getUserByPattern(DirContext context, - String username, - String[] attrIds, - String dn) - throws NamingException { + protected User getUserByPattern(DirContext context, String username, String[] attrIds, String dn) + throws NamingException { // If no attributes are requested, no need to look for them if (attrIds == null || attrIds.length == 0) { @@ -1592,13 +1500,15 @@ public class JNDIRealm extends RealmBase { } catch (NameNotFoundException e) { return null; } - if (attrs == null) + if (attrs == null) { return null; + } // Retrieve value of userPassword String password = null; - if (userPassword != null) + if (userPassword != null) { password = getAttributeValue(userPassword, attrs); + } String userRoleAttrValue = null; if (userRoleAttribute != null) { @@ -1607,8 +1517,9 @@ public class JNDIRealm extends RealmBase { // Retrieve values of userRoleName attribute ArrayList<String> roles = null; - if (userRoleName != null) + if (userRoleName != null) { roles = addAttributeValues(userRoleName, attrs, roles); + } return new User(username, dn, password, roles, userRoleAttrValue); } @@ -1629,17 +1540,14 @@ public class JNDIRealm extends RealmBase { * @exception NamingException if a directory server error occurs * @see #getUserByPattern(DirContext, String, String[], String) */ - protected User getUserByPattern(JNDIConnection connection, - String username, - String credentials, - String[] attrIds, - int curUserPattern) - throws NamingException { + protected User getUserByPattern(JNDIConnection connection, String username, String credentials, String[] attrIds, + int curUserPattern) throws NamingException { User user = null; - if (username == null || userPatternArray[curUserPattern] == null) + if (username == null || userPatternArray[curUserPattern] == null) { return null; + } // Form the dn from the user pattern String dn = connection.userPatternFormatArray[curUserPattern].format(new String[] { username }); @@ -1674,13 +1582,12 @@ public class JNDIRealm extends RealmBase { * @return the User object * @exception NamingException if a directory server error occurs */ - protected User getUserBySearch(JNDIConnection connection, - String username, - String[] attrIds) - throws NamingException { + protected User getUserBySearch(JNDIConnection connection, String username, String[] attrIds) + throws NamingException { - if (username == null || connection.userSearchFormat == null) + if (username == null || connection.userSearchFormat == null) { return null; + } // Form the search filter String filter = connection.userSearchFormat.format(new String[] { username }); @@ -1698,12 +1605,12 @@ public class JNDIRealm extends RealmBase { constraints.setTimeLimit(timeLimit); // Specify the attributes to be retrieved - if (attrIds == null) + if (attrIds == null) { attrIds = new String[0]; + } constraints.setReturningAttributes(attrIds); - NamingEnumeration<SearchResult> results = - connection.context.search(userBase, filter, constraints); + NamingEnumeration<SearchResult> results = connection.context.search(userBase, filter, constraints); try { // Fail if no entries found @@ -1712,10 +1619,11 @@ public class JNDIRealm extends RealmBase { return null; } } catch (PartialResultException ex) { - if (!adCompat) + if (!adCompat) { throw ex; - else + } else { return null; + } } // Get result for the first entry found @@ -1730,24 +1638,28 @@ public class JNDIRealm extends RealmBase { return null; } } catch (PartialResultException ex) { - if (!adCompat) + if (!adCompat) { throw ex; + } } String dn = getDistinguishedName(connection.context, userBase, result); - if (containerLog.isTraceEnabled()) + if (containerLog.isTraceEnabled()) { containerLog.trace(" entry found for " + username + " with dn " + dn); + } // Get the entry's attributes Attributes attrs = result.getAttributes(); - if (attrs == null) + if (attrs == null) { return null; + } // Retrieve value of userPassword String password = null; - if (userPassword != null) + if (userPassword != null) { password = getAttributeValue(userPassword, attrs); + } String userRoleAttrValue = null; if (userRoleAttribute != null) { @@ -1756,8 +1668,9 @@ public class JNDIRealm extends RealmBase { // Retrieve values of userRoleName attribute ArrayList<String> roles = null; - if (userRoleName != null) + if (userRoleName != null) { roles = addAttributeValues(userRoleName, attrs, roles); + } return new User(username, dn, password, roles, userRoleAttrValue); } finally { @@ -1783,30 +1696,25 @@ public class JNDIRealm extends RealmBase { * @return <code>true</code> if the credentials are validated * @exception NamingException if a directory server error occurs */ - protected boolean checkCredentials(DirContext context, - User user, - String credentials) - throws NamingException { + protected boolean checkCredentials(DirContext context, User user, String credentials) throws NamingException { - boolean validated = false; + boolean validated = false; - if (userPassword == null) { - validated = bindAsUser(context, user, credentials); - } else { - validated = compareCredentials(context, user, credentials); - } + if (userPassword == null) { + validated = bindAsUser(context, user, credentials); + } else { + validated = compareCredentials(context, user, credentials); + } - if (containerLog.isTraceEnabled()) { - if (validated) { - containerLog.trace(sm.getString("jndiRealm.authenticateSuccess", - user.getUserName())); - } else { - containerLog.trace(sm.getString("jndiRealm.authenticateFailure", - user.getUserName())); - } - } - return validated; - } + if (containerLog.isTraceEnabled()) { + if (validated) { + containerLog.trace(sm.getString("jndiRealm.authenticateSuccess", user.getUserName())); + } else { + containerLog.trace(sm.getString("jndiRealm.authenticateFailure", user.getUserName())); + } + } + return validated; + } /** @@ -1819,17 +1727,15 @@ public class JNDIRealm extends RealmBase { * @return <code>true</code> if the credentials are validated * @exception NamingException if a directory server error occurs */ - protected boolean compareCredentials(DirContext context, - User info, - String credentials) - throws NamingException { - + protected boolean compareCredentials(DirContext context, User info, String credentials) throws NamingException { // Validate the credentials specified by the user - if (containerLog.isTraceEnabled()) + if (containerLog.isTraceEnabled()) { containerLog.trace(" validating credentials"); + } - if (info == null || credentials == null) + if (info == null || credentials == null) { return false; + } String password = info.getPassword(); @@ -1846,21 +1752,20 @@ public class JNDIRealm extends RealmBase { * @return <code>true</code> if the credentials are validated * @exception NamingException if a directory server error occurs */ - protected boolean bindAsUser(DirContext context, - User user, - String credentials) - throws NamingException { + protected boolean bindAsUser(DirContext context, User user, String credentials) throws NamingException { - if (credentials == null || user == null) - return false; + if (credentials == null || user == null) { + return false; + } - String dn = user.getDN(); - if (dn == null) - return false; + String dn = user.getDN(); + if (dn == null) { + return false; + } - // Validate the credentials specified by the user - if (containerLog.isTraceEnabled()) { - containerLog.trace(" validating credentials by binding as the user"); + // Validate the credentials specified by the user + if (containerLog.isTraceEnabled()) { + containerLog.trace(" validating credentials by binding as the user"); } userCredentialsAdd(context, dn, credentials); @@ -1885,48 +1790,47 @@ public class JNDIRealm extends RealmBase { return validated; } - /** - * Configure the context to use the provided credentials for - * authentication. - * - * @param context DirContext to configure - * @param dn Distinguished name of user - * @param credentials Credentials of user - * @exception NamingException if a directory server error occurs - */ - private void userCredentialsAdd(DirContext context, String dn, - String credentials) throws NamingException { + + /** + * Configure the context to use the provided credentials for + * authentication. + * + * @param context DirContext to configure + * @param dn Distinguished name of user + * @param credentials Credentials of user + * @exception NamingException if a directory server error occurs + */ + private void userCredentialsAdd(DirContext context, String dn, String credentials) throws NamingException { // Set up security environment to bind as the user context.addToEnvironment(Context.SECURITY_PRINCIPAL, dn); context.addToEnvironment(Context.SECURITY_CREDENTIALS, credentials); } + /** * Configure the context to use {@link #connectionName} and * {@link #connectionPassword} if specified or an anonymous connection if * those attributes are not specified. * - * @param context DirContext to configure - * @exception NamingException if a directory server error occurs + * @param context DirContext to configure + * @exception NamingException if a directory server error occurs */ - private void userCredentialsRemove(DirContext context) - throws NamingException { + private void userCredentialsRemove(DirContext context) throws NamingException { // Restore the original security environment if (connectionName != null) { - context.addToEnvironment(Context.SECURITY_PRINCIPAL, - connectionName); + context.addToEnvironment(Context.SECURITY_PRINCIPAL, connectionName); } else { context.removeFromEnvironment(Context.SECURITY_PRINCIPAL); } if (connectionPassword != null) { - context.addToEnvironment(Context.SECURITY_CREDENTIALS, - connectionPassword); + context.addToEnvironment(Context.SECURITY_CREDENTIALS, connectionPassword); } else { context.removeFromEnvironment(Context.SECURITY_CREDENTIALS); } } + /** * Return a List of roles associated with the given User. Any * roles present in the user's directory entry are supplemented by @@ -1938,21 +1842,23 @@ public class JNDIRealm extends RealmBase { * @return the list of role names * @exception NamingException if a directory server error occurs */ - protected List<String> getRoles(JNDIConnection connection, User user) - throws NamingException { + protected List<String> getRoles(JNDIConnection connection, User user) throws NamingException { - if (user == null) + if (user == null) { return null; + } String dn = user.getDN(); String username = user.getUserName(); String userRoleId = user.getUserRoleId(); - if (dn == null || username == null) + if (dn == null || username == null) { return null; + } - if (containerLog.isTraceEnabled()) + if (containerLog.isTraceEnabled()) { containerLog.trace(" getRoles(" + dn + ")"); + } // Start with roles retrieved from the user entry List<String> list = new ArrayList<>(); @@ -1960,8 +1866,9 @@ public class JNDIRealm extends RealmBase { if (userRoles != null) { list.addAll(userRoles); } - if (commonRole != null) + if (commonRole != null) { list.add(commonRole); + } if (containerLog.isTraceEnabled()) { containerLog.trace(" Found " + list.size() + " user internal roles"); @@ -1969,16 +1876,18 @@ public class JNDIRealm extends RealmBase { } // Are we configured to do role searches? - if ((connection.roleFormat == null) || (roleName == null)) + if ((connection.roleFormat == null) || (roleName == null)) { return list; + } // Set up parameters for an appropriate search String filter = connection.roleFormat.format(new String[] { doRFC2254Encoding(dn), username, userRoleId }); SearchControls controls = new SearchControls(); - if (roleSubtree) + if (roleSubtree) { controls.setSearchScope(SearchControls.SUBTREE_SCOPE); - else + } else { controls.setSearchScope(SearchControls.ONELEVEL_SCOPE); + } controls.setReturningAttributes(new String[] {roleName}); String base = null; @@ -1998,16 +1907,18 @@ public class JNDIRealm extends RealmBase { NamingEnumeration<SearchResult> results = searchAsUser(connection.context, user, base, filter, controls, isRoleSearchAsUser()); - if (results == null) + if (results == null) { return list; // Should never happen, but just in case ... + } - HashMap<String, String> groupMap = new HashMap<>(); + Map<String, String> groupMap = new HashMap<>(); try { while (results.hasMore()) { SearchResult result = results.next(); Attributes attrs = result.getAttributes(); - if (attrs == null) + if (attrs == null) { continue; + } String dname = getDistinguishedName(connection.context, roleBase, result); String name = getAttributeValue(roleName, attrs); if (name != null && dname != null) { @@ -2015,8 +1926,9 @@ public class JNDIRealm extends RealmBase { } } } catch (PartialResultException ex) { - if (!adCompat) + if (!adCompat) { throw ex; + } } finally { results.close(); } @@ -2045,18 +1957,19 @@ public class JNDIRealm extends RealmBase { group.getValue(), group.getValue() }); if (containerLog.isTraceEnabled()) { - containerLog.trace("Perform a nested group search with base "+ roleBase + " and filter " + filter); + containerLog.trace("Perform a nested group search with base "+ roleBase + + " and filter " + filter); } - results = searchAsUser(connection.context, user, roleBase, filter, controls, - isRoleSearchAsUser()); + results = searchAsUser(connection.context, user, roleBase, filter, controls, isRoleSearchAsUser()); try { while (results.hasMore()) { SearchResult result = results.next(); Attributes attrs = result.getAttributes(); - if (attrs == null) + if (attrs == null) { continue; + } String dname = getDistinguishedName(connection.context, roleBase, result); String name = getAttributeValue(roleName, attrs); if (name != null && dname != null && !groupMap.keySet().contains(dname)) { @@ -2066,12 +1979,12 @@ public class JNDIRealm extends RealmBase { if (containerLog.isTraceEnabled()) { containerLog.trace(" Found nested role " + dname + " -> " + name); } - } - } + } } catch (PartialResultException ex) { - if (!adCompat) + if (!adCompat) { throw ex; + } } finally { results.close(); } @@ -2085,6 +1998,7 @@ public class JNDIRealm extends RealmBase { return list; } + /** * Perform the search on the context as the {@code dn}, when * {@code searchAsUser} is {@code true}, otherwise search the context with @@ -2107,8 +2021,7 @@ public class JNDIRealm extends RealmBase { * @throws NamingException * if a directory server error occurs */ - private NamingEnumeration<SearchResult> searchAsUser(DirContext context, - User user, String base, String filter, + private NamingEnumeration<SearchResult> searchAsUser(DirContext context, User user, String base, String filter, SearchControls controls, boolean searchAsUser) throws NamingException { NamingEnumeration<SearchResult> results; try { @@ -2133,26 +2046,30 @@ public class JNDIRealm extends RealmBase { * @return the attribute value * @exception NamingException if a directory server error occurs */ - private String getAttributeValue(String attrId, Attributes attrs) - throws NamingException { + private String getAttributeValue(String attrId, Attributes attrs) throws NamingException { - if (containerLog.isTraceEnabled()) + if (containerLog.isTraceEnabled()) { containerLog.trace(" retrieving attribute " + attrId); + } - if (attrId == null || attrs == null) + if (attrId == null || attrs == null) { return null; + } Attribute attr = attrs.get(attrId); - if (attr == null) + if (attr == null) { return null; + } Object value = attr.get(); - if (value == null) + if (value == null) { return null; + } String valueString = null; - if (value instanceof byte[]) + if (value instanceof byte[]) { valueString = new String((byte[]) value); - else + } else { valueString = value.toString(); + } return valueString; } @@ -2167,20 +2084,22 @@ public class JNDIRealm extends RealmBase { * @return the list of attribute values * @exception NamingException if a directory server error occurs */ - private ArrayList<String> addAttributeValues(String attrId, - Attributes attrs, - ArrayList<String> values) - throws NamingException{ + private ArrayList<String> addAttributeValues(String attrId, Attributes attrs, ArrayList<String> values) + throws NamingException { - if (containerLog.isTraceEnabled()) + if (containerLog.isTraceEnabled()) { containerLog.trace(" retrieving values for attribute " + attrId); - if (attrId == null || attrs == null) + } + if (attrId == null || attrs == null) { return values; - if (values == null) + } + if (values == null) { values = new ArrayList<>(); + } Attribute attr = attrs.get(attrId); - if (attr == null) + if (attr == null) { return values; + } NamingEnumeration<?> e = attr.getAll(); try { while(e.hasMore()) { @@ -2188,8 +2107,9 @@ public class JNDIRealm extends RealmBase { values.add(value); } } catch (PartialResultException ex) { - if (!adCompat) + if (!adCompat) { throw ex; + } } finally { e.close(); } @@ -2222,8 +2142,9 @@ public class JNDIRealm extends RealmBase { } // Close our opened connection try { - if (containerLog.isDebugEnabled()) + if (containerLog.isDebugEnabled()) { containerLog.debug("Closing directory context"); + } connection.context.close(); } catch (NamingException e) { containerLog.error(sm.getString("jndiRealm.close"), e); @@ -2233,9 +2154,9 @@ public class JNDIRealm extends RealmBase { if (connectionPool == null) { singleConnectionLock.unlock(); } - } + /** * Close all pooled connections. */ @@ -2251,6 +2172,7 @@ public class JNDIRealm extends RealmBase { } } + @Override @Deprecated protected String getName() { @@ -2273,7 +2195,6 @@ public class JNDIRealm extends RealmBase { JNDIConnection connection = null; User user = null; try { - // Ensure that we have a directory context available connection = get(); @@ -2296,7 +2217,6 @@ public class JNDIRealm extends RealmBase { user = getUser(connection, username, null); } - // Release this context release(connection); @@ -2307,15 +2227,14 @@ public class JNDIRealm extends RealmBase { // ... and have a password return user.getPassword(); } - } catch (NamingException e) { // Log the problem for posterity containerLog.error(sm.getString("jndiRealm.exception"), e); return null; } - } + /** * Get the principal associated with the specified certificate. * @param username The user name @@ -2326,9 +2245,9 @@ public class JNDIRealm extends RealmBase { return getPrincipal(username, null); } + @Override - protected Principal getPrincipal(GSSName gssName, - GSSCredential gssCredential) { + protected Principal getPrincipal(GSSName gssName, GSSCredential gssCredential) { String name = gssName.toString(); if (isStripRealmForGss()) { @@ -2342,15 +2261,14 @@ public class JNDIRealm extends RealmBase { return getPrincipal(name, gssCredential); } + @Override - protected Principal getPrincipal(String username, - GSSCredential gssCredential) { + protected Principal getPrincipal(String username, GSSCredential gssCredential) { JNDIConnection connection = null; Principal principal = null; try { - // Ensure that we have a directory context available connection = get(); @@ -2362,7 +2280,6 @@ public class JNDIRealm extends RealmBase { principal = getPrincipal(connection, username, gssCredential); } catch (CommunicationException | ServiceUnavailableException e) { - // log the exception so we know it's there. containerLog.info(sm.getString("jndiRealm.exception.retry"), e); @@ -2375,10 +2292,8 @@ public class JNDIRealm extends RealmBase { // Try the authentication again. principal = getPrincipal(connection, username, gssCredential); - } - // Release this context release(connection); @@ -2386,16 +2301,12 @@ public class JNDIRealm extends RealmBase { return principal; } catch (NamingException e) { - // Log the problem for posterity containerLog.error(sm.getString("jndiRealm.exception"), e); // Return "not authenticated" for this request return null; - } - - } @@ -2407,9 +2318,8 @@ public class JNDIRealm extends RealmBase { * @return the Principal associated with the given certificate. * @exception NamingException if a directory server error occurs */ - protected Principal getPrincipal(JNDIConnection connection, - String username, GSSCredential gssCredential) - throws NamingException { + protected Principal getPrincipal(JNDIConnection connection, String username, GSSCredential gssCredential) + throws NamingException { User user = null; List<String> roles = null; @@ -2421,12 +2331,9 @@ public class JNDIRealm extends RealmBase { // Preserve the current context environment parameters preservedEnvironment = context.getEnvironment(); // Set up context - context.addToEnvironment( - Context.SECURITY_AUTHENTICATION, "GSSAPI"); - context.addToEnvironment( - "javax.security.sasl.server.authentication", "true"); - context.addToEnvironment( - "javax.security.sasl.qop", spnegoDelegationQop); + context.addToEnvironment(Context.SECURITY_AUTHENTICATION, "GSSAPI"); + context.addToEnvironment("javax.security.sasl.server.authentication", "true"); + context.addToEnvironment("javax.security.sasl.qop", spnegoDelegationQop); // Note: Subject already set in SPNEGO authenticator so no need // for Subject.doAs() here } @@ -2436,23 +2343,20 @@ public class JNDIRealm extends RealmBase { } } finally { if (gssCredential != null && isUseDelegatedCredential()) { - restoreEnvironmentParameter(context, - Context.SECURITY_AUTHENTICATION, preservedEnvironment); - restoreEnvironmentParameter(context, - "javax.security.sasl.server.authentication", preservedEnvironment); - restoreEnvironmentParameter(context, "javax.security.sasl.qop", - preservedEnvironment); + restoreEnvironmentParameter(context, Context.SECURITY_AUTHENTICATION, preservedEnvironment); + restoreEnvironmentParameter(context, "javax.security.sasl.server.authentication", preservedEnvironment); + restoreEnvironmentParameter(context, "javax.security.sasl.qop", preservedEnvironment); } } if (user != null) { - return new GenericPrincipal(user.getUserName(), user.getPassword(), - roles, null, null, gssCredential); + return new GenericPrincipal(user.getUserName(), user.getPassword(), roles, null, null, gssCredential); } return null; } + private void restoreEnvironmentParameter(DirContext context, String parameterName, Hashtable<?, ?> preservedEnvironment) { try { @@ -2466,6 +2370,7 @@ public class JNDIRealm extends RealmBase { } } + /** * Open (if necessary) and return a connection to the configured * directory server for this Realm. @@ -2490,6 +2395,7 @@ public class JNDIRealm extends RealmBase { return connection; } + /** * Release our use of this connection so that it can be recycled. * @@ -2506,6 +2412,7 @@ public class JNDIRealm extends RealmBase { } } + /** * Create a new connection wrapper, along with the * message formats. @@ -2520,8 +2427,7 @@ public class JNDIRealm extends RealmBase { int len = userPatternArray.length; connection.userPatternFormatArray = new MessageFormat[len]; for (int i = 0; i < len; i++) { - connection.userPatternFormatArray[i] = - new MessageFormat(userPatternArray[i]); + connection.userPatternFormatArray[i] = new MessageFormat(userPatternArray[i]); } } if (roleBase != null) { @@ -2533,6 +2439,7 @@ public class JNDIRealm extends RealmBase { return connection; } + /** * Create a new connection to the directory server. * @param connection The directory server connection wrapper @@ -2567,12 +2474,14 @@ public class JNDIRealm extends RealmBase { } } + @Override public boolean isAvailable() { // Simple best effort check return (connectionPool != null || singleConnection.context != null); } + private DirContext createDirContext(Hashtable<String, String> env) throws NamingException { if (useStartTls) { return createTlsDirContext(env); @@ -2581,13 +2490,13 @@ public class JNDIRealm extends RealmBase { } } + private SSLSocketFactory getSSLSocketFactory() { if (sslSocketFactory != null) { return sslSocketFactory; } final SSLSocketFactory result; - if (this.sslSocketFactoryClassName != null - && !sslSocketFactoryClassName.trim().equals("")) { + if (this.sslSocketFactoryClassName != null && !sslSocketFactoryClassName.trim().equals("")) { result = createSSLSocketFactoryFromClassName(this.sslSocketFactoryClassName); } else { result = createSSLContextFactoryFromProtocol(sslProtocol); @@ -2596,6 +2505,7 @@ public class JNDIRealm extends RealmBase { return result; } + private SSLSocketFactory createSSLSocketFactoryFromClassName(String className) { try { Object o = constructInstance(className); @@ -2613,6 +2523,7 @@ public class JNDIRealm extends RealmBase { } } + private SSLSocketFactory createSSLContextFactoryFromProtocol(String protocol) { try { SSLContext sslContext; @@ -2624,14 +2535,13 @@ public class JNDIRealm extends RealmBase { } return sslContext.getSocketFactory(); } catch (NoSuchAlgorithmException | KeyManagementException e) { - List<String> allowedProtocols = Arrays - .asList(getSupportedSslProtocols()); - throw new IllegalArgumentException( - sm.getString("jndiRealm.invalidSslProtocol", protocol, - allowedProtocols), e); + List<String> allowedProtocols = Arrays.asList(getSupportedSslProtocols()); + throw new IllegalArgumentException(sm.getString("jndiRealm.invalidSslProtocol", + protocol, allowedProtocols), e); } } + /** * Create a tls enabled LdapContext and set the StartTlsResponse tls * instance variable. @@ -2642,12 +2552,10 @@ public class JNDIRealm extends RealmBase { * @throws NamingException * when something goes wrong while negotiating the connection */ - private DirContext createTlsDirContext( - Hashtable<String, String> env) throws NamingException { + private DirContext createTlsDirContext(Hashtable<String, String> env) throws NamingException { Map<String, Object> savedEnv = new HashMap<>(); - for (String key : Arrays.asList(Context.SECURITY_AUTHENTICATION, - Context.SECURITY_CREDENTIALS, Context.SECURITY_PRINCIPAL, - Context.SECURITY_PROTOCOL)) { + for (String key : Arrays.asList(Context.SECURITY_AUTHENTICATION, Context.SECURITY_CREDENTIALS, + Context.SECURITY_PRINCIPAL, Context.SECURITY_PROTOCOL)) { Object entry = env.remove(key); if (entry != null) { savedEnv.put(key, entry); @@ -2656,8 +2564,7 @@ public class JNDIRealm extends RealmBase { LdapContext result = null; try { result = new InitialLdapContext(env, null); - tls = (StartTlsResponse) result - .extendedOperation(new StartTlsRequest()); + tls = (StartTlsResponse) result.extendedOperation(new StartTlsRequest()); if (getHostnameVerifier() != null) { tls.setHostnameVerifier(getHostnameVerifier()); } @@ -2666,22 +2573,21 @@ public class JNDIRealm extends RealmBase { } try { SSLSession negotiate = tls.negotiate(getSSLSocketFactory()); - containerLog.debug(sm.getString("jndiRealm.negotiatedTls", - negotiate.getProtocol())); + containerLog.debug(sm.getString("jndiRealm.negotiatedTls", negotiate.getProtocol())); } catch (IOException e) { throw new NamingException(e.getMessage()); } } finally { if (result != null) { for (Map.Entry<String, Object> savedEntry : savedEnv.entrySet()) { - result.addToEnvironment(savedEntry.getKey(), - savedEntry.getValue()); + result.addToEnvironment(savedEntry.getKey(), savedEntry.getValue()); } } } return result; } + /** * Create our directory context configuration. * @@ -2692,40 +2598,48 @@ public class JNDIRealm extends RealmBase { Hashtable<String,String> env = new Hashtable<>(); // Configure our directory context environment. - if (containerLog.isDebugEnabled() && connectionAttempt == 0) + if (containerLog.isDebugEnabled() && connectionAttempt == 0) { containerLog.debug("Connecting to URL " + connectionURL); - else if (containerLog.isDebugEnabled() && connectionAttempt > 0) + } else if (containerLog.isDebugEnabled() && connectionAttempt > 0) { containerLog.debug("Connecting to URL " + alternateURL); + } env.put(Context.INITIAL_CONTEXT_FACTORY, contextFactory); - if (connectionName != null) + if (connectionName != null) { env.put(Context.SECURITY_PRINCIPAL, connectionName); - if (connectionPassword != null) + } + if (connectionPassword != null) { env.put(Context.SECURITY_CREDENTIALS, connectionPassword); - if (connectionURL != null && connectionAttempt == 0) + } + if (connectionURL != null && connectionAttempt == 0) { env.put(Context.PROVIDER_URL, connectionURL); - else if (alternateURL != null && connectionAttempt > 0) + } else if (alternateURL != null && connectionAttempt > 0) { env.put(Context.PROVIDER_URL, alternateURL); - if (authentication != null) + } + if (authentication != null) { env.put(Context.SECURITY_AUTHENTICATION, authentication); - if (protocol != null) + } + if (protocol != null) { env.put(Context.SECURITY_PROTOCOL, protocol); - if (referrals != null) + } + if (referrals != null) { env.put(Context.REFERRAL, referrals); - if (derefAliases != null) + } + if (derefAliases != null) { env.put(JNDIRealm.DEREF_ALIASES, derefAliases); - if (connectionTimeout != null) + } + if (connectionTimeout != null) { env.put("com.sun.jndi.ldap.connect.timeout", connectionTimeout); - if (readTimeout != null) + } + if (readTimeout != null) { env.put("com.sun.jndi.ldap.read.timeout", readTimeout); + } return env; - } // ------------------------------------------------------ Lifecycle Methods - /** * Prepare for the beginning of active use of the public methods of this * component and implement the requirements of @@ -2767,7 +2681,7 @@ public class JNDIRealm extends RealmBase { * @exception LifecycleException if this component detects a fatal error * that needs to be reported */ - @Override + @Override protected void stopInternal() throws LifecycleException { super.stopInternal(); // Close any open directory server connection @@ -2780,6 +2694,7 @@ public class JNDIRealm extends RealmBase { } } + /** * Given a string containing LDAP patterns for user locations (separated by * parentheses in a pseudo-LDAP search string format - @@ -2793,7 +2708,7 @@ public class JNDIRealm extends RealmBase { protected String[] parseUserPatternString(String userPatternString) { if (userPatternString != null) { - ArrayList<String> pathList = new ArrayList<>(); + List<String> pathList = new ArrayList<>(); int startParenLoc = userPatternString.indexOf('('); if (startParenLoc == -1) { // no parens here; return whole thing @@ -2814,8 +2729,7 @@ public class JNDIRealm extends RealmBase { while (userPatternString.charAt(endParenLoc - 1) == '\\') { endParenLoc = userPatternString.indexOf(')', endParenLoc+1); } - String nextPathPart = userPatternString.substring - (startParenLoc+1, endParenLoc); + String nextPathPart = userPatternString.substring(startParenLoc+1, endParenLoc); pathList.add(nextPathPart); startingPoint = endParenLoc+1; startParenLoc = userPatternString.indexOf('(', startingPoint); @@ -2823,7 +2737,6 @@ public class JNDIRealm extends RealmBase { return pathList.toArray(new String[] {}); } return null; - } @@ -2879,47 +2792,42 @@ public class JNDIRealm extends RealmBase { * @return String containing the distinguished name * @exception NamingException if a directory server error occurs */ - protected String getDistinguishedName(DirContext context, String base, - SearchResult result) throws NamingException { + protected String getDistinguishedName(DirContext context, String base, SearchResult result) throws NamingException { // Get the entry's distinguished name. For relative results, this means // we need to composite a name with the base name, the context name, and // the result name. For non-relative names, use the returned name. String resultName = result.getName(); Name name; if (result.isRelative()) { - if (containerLog.isTraceEnabled()) { - containerLog.trace(" search returned relative name: " + resultName); - } - NameParser parser = context.getNameParser(""); - Name contextName = parser.parse(context.getNameInNamespace()); - Name baseName = parser.parse(base); - - // Bugzilla 32269 - Name entryName = parser.parse(new CompositeName(resultName).get(0)); - - name = contextName.addAll(baseName); - name = name.addAll(entryName); + if (containerLog.isTraceEnabled()) { + containerLog.trace(" search returned relative name: " + resultName); + } + NameParser parser = context.getNameParser(""); + Name contextName = parser.parse(context.getNameInNamespace()); + Name baseName = parser.parse(base); + + // Bugzilla 32269 + Name entryName = parser.parse(new CompositeName(resultName).get(0)); + + name = contextName.addAll(baseName); + name = name.addAll(entryName); } else { - if (containerLog.isTraceEnabled()) { - containerLog.trace(" search returned absolute name: " + resultName); - } - try { - // Normalize the name by running it through the name parser. - NameParser parser = context.getNameParser(""); - URI userNameUri = new URI(resultName); - String pathComponent = userNameUri.getPath(); - // Should not ever have an empty path component, since that is /{DN} - if (pathComponent.length() < 1 ) { - throw new InvalidNameException( - "Search returned unparseable absolute name: " + - resultName ); - } - name = parser.parse(pathComponent.substring(1)); - } catch ( URISyntaxException e ) { - throw new InvalidNameException( - "Search returned unparseable absolute name: " + - resultName ); - } + if (containerLog.isTraceEnabled()) { + containerLog.trace(" search returned absolute name: " + resultName); + } + try { + // Normalize the name by running it through the name parser. + NameParser parser = context.getNameParser(""); + URI userNameUri = new URI(resultName); + String pathComponent = userNameUri.getPath(); + // Should not ever have an empty path component, since that is /{DN} + if (pathComponent.length() < 1 ) { + throw new InvalidNameException("Search returned unparseable absolute name: " + resultName); + } + name = parser.parse(pathComponent.substring(1)); + } catch ( URISyntaxException e ) { + throw new InvalidNameException("Search returned unparseable absolute name: " + resultName); + } } if (getForceDnHexEscape()) { @@ -3007,7 +2915,7 @@ public class JNDIRealm extends RealmBase { } - // ------------------------------------------------------ Private Classes + // ------------------------------------------------------ Protected Classes /** * A protected class representing a User @@ -3020,9 +2928,7 @@ public class JNDIRealm extends RealmBase { private final List<String> roles; private final String userRoleId; - - public User(String username, String dn, String password, - List<String> roles, String userRoleId) { + public User(String username, String dn, String password, List<String> roles, String userRoleId) { this.username = username; this.dn = dn; this.password = password; @@ -3055,6 +2961,7 @@ public class JNDIRealm extends RealmBase { } } + /** * Class holding the connection to the directory plus the associated * non thread safe message formats. @@ -3089,8 +2996,5 @@ public class JNDIRealm extends RealmBase { * The directory context linking us to our directory server. */ protected DirContext context = null; - } - } - --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org