This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 0f544f1b9a8f686346135a3cc8765c3179a6af2b Author: Mark Thomas <ma...@apache.org> AuthorDate: Tue Apr 13 16:01:13 2021 +0100 Code alignment with 8.5.x - no functional change --- java/org/apache/catalina/realm/JNDIRealm.java | 718 +++++++++++--------------- 1 file changed, 307 insertions(+), 411 deletions(-) diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java index aef4053..a9032cf 100644 --- a/java/org/apache/catalina/realm/JNDIRealm.java +++ b/java/org/apache/catalina/realm/JNDIRealm.java @@ -183,7 +183,6 @@ import org.ietf.jgss.GSSName; */ public class JNDIRealm extends RealmBase { - // ----------------------------------------------------- Instance Variables /** @@ -196,13 +195,11 @@ public class JNDIRealm extends RealmBase { */ protected String connectionName = null; - /** * The connection password for the server we will contact. */ protected String connectionPassword = null; - /** * The connection URL for the server we will contact. */ @@ -222,7 +219,6 @@ public class JNDIRealm extends RealmBase { */ protected String contextFactory = "com.sun.jndi.ldap.LdapCtxFactory"; - /** * How aliases should be dereferenced during search operations. */ @@ -237,13 +233,13 @@ public class JNDIRealm extends RealmBase { /** * Descriptive information about this Realm implementation. */ - protected static final String info = - "org.apache.catalina.realm.JNDIRealm/1.0"; - + protected static final String info = "org.apache.catalina.realm.JNDIRealm/1.0"; /** * Descriptive information about this Realm implementation. + * @deprecated This will be removed in Tomcat 9 onwards. */ + @Deprecated protected static final String name = "JNDIRealm"; @@ -253,7 +249,6 @@ public class JNDIRealm extends RealmBase { */ protected String protocol = null; - /** * Should we ignore PartialResultExceptions when iterating over NamingEnumerations? * Microsoft Active Directory often returns referrals, which lead 
@@ -263,7 +258,6 @@ public class JNDIRealm extends RealmBase { */ protected boolean adCompat = false; - /** * How should we handle referrals? Microsoft Active Directory often returns * referrals. If you need to follow them set referrals to "follow". @@ -272,20 +266,17 @@ public class JNDIRealm extends RealmBase { */ protected String referrals = null; - /** * The base element for user searches. */ protected String userBase = ""; - /** * The message format used to search for a user, with "{0}" marking * the spot where the username goes. */ protected String userSearch = null; - /** * When searching for users, should the search be performed as the user * currently being authenticated? If false, {@link #connectionName} and @@ -294,7 +285,6 @@ public class JNDIRealm extends RealmBase { */ private boolean userSearchAsUser = false; - /** * The MessageFormat object associated with the current * <code>userSearch</code>. @@ -307,7 +297,6 @@ public class JNDIRealm extends RealmBase { */ protected boolean userSubtree = false; - /** * The attribute name used to retrieve the user password. */ @@ -321,7 +310,6 @@ public class JNDIRealm extends RealmBase { */ protected String userRoleAttribute = null; - /** * A string of LDAP user patterns or paths, ":"-separated * These will be used to form the distinguished name of a @@ -332,7 +320,6 @@ public class JNDIRealm extends RealmBase { */ protected String[] userPatternArray = null; - /** * The message format used to form the distinguished name of a * user, with "{0}" marking the spot where the specified username @@ -340,7 +327,6 @@ public class JNDIRealm extends RealmBase { */ protected String userPattern = null; - /** * An array of MessageFormat objects associated with the current * <code>userPatternArray</code>. 
@@ -352,34 +338,29 @@ public class JNDIRealm extends RealmBase { */ protected String roleBase = ""; - /** * The MessageFormat object associated with the current * <code>roleBase</code>. */ protected MessageFormat roleBaseFormat = null; - /** * The MessageFormat object associated with the current * <code>roleSearch</code>. */ protected MessageFormat roleFormat = null; - /** * The name of an attribute in the user's entry containing * roles for that user */ protected String userRoleName = null; - /** * The name of the attribute containing roles held elsewhere */ protected String roleName = null; - /** * The message format used to select roles for a user, with "{0}" marking * the spot where the distinguished name of the user goes. The "{1}" @@ -387,7 +368,6 @@ public class JNDIRealm extends RealmBase { */ protected String roleSearch = null; - /** * Should we search the entire subtree for matching memberships? */ @@ -422,7 +402,6 @@ public class JNDIRealm extends RealmBase { */ protected String commonRole = null; - /** * The timeout, in milliseconds, to use when trying to create a connection * to the directory. The default is 5000 (5 seconds). @@ -447,14 +426,12 @@ public class JNDIRealm extends RealmBase { */ protected int timeLimit = 0; - /** * Should delegated credentials from the SPNEGO authenticator be used if * available */ protected boolean useDelegatedCredential = true; - /** * The QOP that should be used for the connection to the LDAP server after * authentication. This value is used to set the 
@@ -519,37 +496,35 @@ public class JNDIRealm extends RealmBase { return forceDnHexEscape; } + public void setForceDnHexEscape(boolean forceDnHexEscape) { this.forceDnHexEscape = forceDnHexEscape; } + /** * @return the type of authentication to use. */ public String getAuthentication() { - return authentication; - } + /** * Set the type of authentication to use. * * @param authentication The authentication */ public void setAuthentication(String authentication) { - this.authentication = authentication; - } + /** * @return the connection username for this Realm. */ public String getConnectionName() { - return this.connectionName; - } @@ -559,9 +534,7 @@ public class JNDIRealm extends RealmBase { * @param connectionName The new connection username */ public void setConnectionName(String connectionName) { - this.connectionName = connectionName; - } @@ -569,9 +542,7 @@ public class JNDIRealm extends RealmBase { * @return the connection password for this Realm. */ public String getConnectionPassword() { - return this.connectionPassword; - } @@ -581,9 +552,7 @@ public class JNDIRealm extends RealmBase { * @param connectionPassword The new connection password */ public void setConnectionPassword(String connectionPassword) { - this.connectionPassword = connectionPassword; - } @@ -591,9 +560,7 @@ public class JNDIRealm extends RealmBase { * @return the connection URL for this Realm. */ public String getConnectionURL() { - return this.connectionURL; - } @@ -603,9 +570,7 @@ public class JNDIRealm extends RealmBase { * @param connectionURL The new connection URL */ public void setConnectionURL(String connectionURL) { - this.connectionURL = connectionURL; - } @@ -613,9 +578,7 @@ public class JNDIRealm extends RealmBase { * @return the JNDI context factory for this Realm. */ public String getContextFactory() { - return this.contextFactory; - } 
@@ -625,11 +588,10 @@ public class JNDIRealm extends RealmBase { * @param contextFactory The new context factory */ public void setContextFactory(String contextFactory) { - this.contextFactory = contextFactory; - } + /** * @return the derefAliases setting to be used. */ @@ -637,33 +599,32 @@ public class JNDIRealm extends RealmBase { return derefAliases; } + /** * Set the value for derefAliases to be used when searching the directory. * * @param derefAliases New value of property derefAliases. */ public void setDerefAliases(java.lang.String derefAliases) { - this.derefAliases = derefAliases; + this.derefAliases = derefAliases; } + /** * @return the protocol to be used. */ public String getProtocol() { - return protocol; - } + /** * Set the protocol for this Realm. * * @param protocol The new protocol. */ public void setProtocol(String protocol) { - this.protocol = protocol; - } @@ -707,9 +668,7 @@ public class JNDIRealm extends RealmBase { * @return the base element for user searches. */ public String getUserBase() { - return this.userBase; - } @@ -719,9 +678,7 @@ public class JNDIRealm extends RealmBase { * @param userBase The new base element */ public void setUserBase(String userBase) { - this.userBase = userBase; - } @@ -729,9 +686,7 @@ public class JNDIRealm extends RealmBase { * @return the message format pattern for selecting users in this Realm. */ public String getUserSearch() { - return this.userSearch; - } @@ -741,13 +696,12 @@ public class JNDIRealm extends RealmBase { * @param userSearch The new user search pattern */ public void setUserSearch(String userSearch) { - this.userSearch = userSearch; - if (userSearch == null) + if (userSearch == null) { userSearchFormat = null; - else + } else { userSearchFormat = new MessageFormat(userSearch); - + } } @@ -765,9 +719,7 @@ public class JNDIRealm extends RealmBase { * @return the "search subtree for users" flag. */ public boolean getUserSubtree() { - return this.userSubtree; - } 
@@ -777,9 +729,7 @@ public class JNDIRealm extends RealmBase { * @param userSubtree The new search flag */ public void setUserSubtree(boolean userSubtree) { - this.userSubtree = userSubtree; - } @@ -787,7 +737,6 @@ public class JNDIRealm extends RealmBase { * @return the user role name attribute name for this Realm. */ public String getUserRoleName() { - return userRoleName; } @@ -798,9 +747,7 @@ public class JNDIRealm extends RealmBase { * @param userRoleName The new userRole name attribute name */ public void setUserRoleName(String userRoleName) { - this.userRoleName = userRoleName; - } @@ -808,9 +755,7 @@ public class JNDIRealm extends RealmBase { * @return the base element for role searches. */ public String getRoleBase() { - return this.roleBase; - } @@ -820,13 +765,12 @@ public class JNDIRealm extends RealmBase { * @param roleBase The new base element */ public void setRoleBase(String roleBase) { - this.roleBase = roleBase; - if (roleBase == null) + if (roleBase == null) { roleBaseFormat = null; - else + } else { roleBaseFormat = new MessageFormat(roleBase); - + } } @@ -834,9 +778,7 @@ public class JNDIRealm extends RealmBase { * @return the role name attribute name for this Realm. */ public String getRoleName() { - return this.roleName; - } @@ -846,9 +788,7 @@ public class JNDIRealm extends RealmBase { * @param roleName The new role name attribute name */ public void setRoleName(String roleName) { - this.roleName = roleName; - } @@ -856,9 +796,7 @@ public class JNDIRealm extends RealmBase { * @return the message format pattern for selecting roles in this Realm. */ public String getRoleSearch() { - return this.roleSearch; - } @@ -868,13 +806,12 @@ public class JNDIRealm extends RealmBase { * @param roleSearch The new role search pattern */ public void setRoleSearch(String roleSearch) { - this.roleSearch = roleSearch; - if (roleSearch == null) + if (roleSearch == null) { roleFormat = null; - else + } else { roleFormat = new MessageFormat(roleSearch); - + } } 
@@ -892,9 +829,7 @@ public class JNDIRealm extends RealmBase { * @return the "search subtree for roles" flag. */ public boolean getRoleSubtree() { - return this.roleSubtree; - } @@ -904,18 +839,15 @@ public class JNDIRealm extends RealmBase { * @param roleSubtree The new search flag */ public void setRoleSubtree(boolean roleSubtree) { - this.roleSubtree = roleSubtree; - } + /** * @return the "The nested group search flag" flag. */ public boolean getRoleNested() { - return this.roleNested; - } @@ -925,9 +857,7 @@ public class JNDIRealm extends RealmBase { * @param roleNested The nested group search flag */ public void setRoleNested(boolean roleNested) { - this.roleNested = roleNested; - } @@ -935,9 +865,7 @@ public class JNDIRealm extends RealmBase { * @return the password attribute used to retrieve the user password. */ public String getUserPassword() { - return this.userPassword; - } @@ -947,9 +875,7 @@ public class JNDIRealm extends RealmBase { * @param userPassword The new password attribute */ public void setUserPassword(String userPassword) { - this.userPassword = userPassword; - } @@ -957,6 +883,7 @@ public class JNDIRealm extends RealmBase { return userRoleAttribute; } + public void setUserRoleAttribute(String userRoleAttribute) { this.userRoleAttribute = userRoleAttribute; } @@ -965,14 +892,10 @@ public class JNDIRealm extends RealmBase { * @return the message format pattern for selecting users in this Realm. */ public String getUserPattern() { - return this.userPattern; - } - - /** * Set the message format pattern for selecting users in this Realm. * This may be one simple pattern, or multiple patterns to be tried, 
@@ -984,11 +907,10 @@ public class JNDIRealm extends RealmBase { * @param userPattern The new user pattern */ public void setUserPattern(String userPattern) { - this.userPattern = userPattern; - if (userPattern == null) + if (userPattern == null) { userPatternArray = null; - else { + } else { userPatternArray = parseUserPatternString(userPattern); int len = this.userPatternArray.length; userPatternFormatArray = new MessageFormat[len]; @@ -1006,9 +928,7 @@ public class JNDIRealm extends RealmBase { * @return Value of property alternateURL. */ public String getAlternateURL() { - return this.alternateURL; - } @@ -1018,9 +938,7 @@ public class JNDIRealm extends RealmBase { * @param alternateURL New value of property alternateURL. */ public void setAlternateURL(String alternateURL) { - this.alternateURL = alternateURL; - } @@ -1028,9 +946,7 @@ public class JNDIRealm extends RealmBase { * @return the common role */ public String getCommonRole() { - return commonRole; - } @@ -1040,9 +956,7 @@ public class JNDIRealm extends RealmBase { * @param commonRole The common role */ public void setCommonRole(String commonRole) { - this.commonRole = commonRole; - } @@ -1050,9 +964,7 @@ public class JNDIRealm extends RealmBase { * @return the connection timeout. */ public String getConnectionTimeout() { - return connectionTimeout; - } @@ -1062,18 +974,15 @@ public class JNDIRealm extends RealmBase { * @param timeout The new connection timeout */ public void setConnectionTimeout(String timeout) { - this.connectionTimeout = timeout; - } + /** * @return the read timeout. */ public String getReadTimeout() { - return readTimeout; - } @@ -1083,9 +992,7 @@ public class JNDIRealm extends RealmBase { * @param timeout The new read timeout */ public void setReadTimeout(String timeout) { - this.readTimeout = timeout; - } 
@@ -1113,6 +1020,7 @@ public class JNDIRealm extends RealmBase { return useDelegatedCredential; } + public void setUseDelegatedCredential(boolean useDelegatedCredential) { this.useDelegatedCredential = useDelegatedCredential; } @@ -1122,6 +1030,7 @@ public class JNDIRealm extends RealmBase { return spnegoDelegationQop; } + public void setSpnegoDelegationQop(String spnegoDelegationQop) { this.spnegoDelegationQop = spnegoDelegationQop; } @@ -1145,6 +1054,7 @@ public class JNDIRealm extends RealmBase { return useStartTls; } + /** * Flag whether StartTLS should be used when connecting to the ldap server * @@ -1156,6 +1066,7 @@ public class JNDIRealm extends RealmBase { this.useStartTls = useStartTls; } + /** * @return list of the allowed cipher suites when connections are made using * StartTLS @@ -1175,6 +1086,7 @@ public class JNDIRealm extends RealmBase { return this.cipherSuitesArray; } + /** * Set the allowed cipher suites when opening a connection using StartTLS. * The cipher suites are expected as a comma separated list. @@ -1198,6 +1110,7 @@ public class JNDIRealm extends RealmBase { return this.hostnameVerifier.getClass().getCanonicalName(); } + /** * Set the {@link HostnameVerifier} to be used when opening connections * using StartTLS. An instance of the given class name will be constructed @@ -1214,6 +1127,7 @@ public class JNDIRealm extends RealmBase { } } + /** * @return the {@link HostnameVerifier} to use for peer certificate * verification when opening connections using StartTLS. @@ -1222,8 +1136,7 @@ public class JNDIRealm extends RealmBase { if (this.hostnameVerifier != null) { return this.hostnameVerifier; } - if (this.hostNameVerifierClassName == null - || hostNameVerifierClassName.equals("")) { + if (this.hostNameVerifierClassName == null || hostNameVerifierClassName.equals("")) { return null; } try { 
@@ -1267,6 +1180,7 @@ public class JNDIRealm extends RealmBase { } } + /** * Set the {@link SSLSocketFactory} to be used when opening connections * using StartTLS. An instance of the factory with the given name will be @@ -1280,6 +1194,7 @@ public class JNDIRealm extends RealmBase { this.sslSocketFactoryClassName = factoryClassName; } + /** * Set the ssl protocol to be used for connections using StartTLS. * @@ -1290,6 +1205,7 @@ public class JNDIRealm extends RealmBase { this.sslProtocol = protocol; } + /** * @return the list of supported ssl protocols by the default * {@link SSLContext} @@ -1303,6 +1219,7 @@ public class JNDIRealm extends RealmBase { } } + private Object constructInstance(String className) throws ClassNotFoundException, InstantiationException, IllegalAccessException, IllegalArgumentException, SecurityException, InvocationTargetException, NoSuchMethodException { @@ -1310,6 +1227,7 @@ public class JNDIRealm extends RealmBase { return clazz.getConstructor().newInstance(); } + // ---------------------------------------------------------- Realm Methods /** @@ -1337,10 +1255,11 @@ public class JNDIRealm extends RealmBase { // Ensure that we have a directory context available context = open(); - // Occasionally the directory context will timeout. Try one more - // time before giving up. try { + // Occasionally the directory context will timeout. Try one more + // time before giving up. + // Authenticate the specified username if possible principal = authenticate(context, username, credentials); @@ -1378,8 +1297,9 @@ public class JNDIRealm extends RealmBase { containerLog.info(sm.getString("jndiRealm.exception.retry"), e); // close the connection so we know it will be reopened. - if (context != null) + if (context != null) { close(context); + } // open a new directory context. context = open(); 
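Review bot: In the `@@ -1337,10 +1255,11 @@` hunk the retry comment now sits inside the `try`, directly above the first `authenticate(context, username, credentials)` call, so it reads as if it described that call. The retry it refers to happens in the catch block shown in the next hunk (`close(context)` followed by `context = open()`). I would reword it where it now stands, for example `// The directory context may have timed out; the catch blocks below retry once.`, or move it to the catch block. The method body starts and ends outside these hunks.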
@@ -1400,26 +1320,20 @@ public class JNDIRealm extends RealmBase { // Log the problem for posterity containerLog.error(sm.getString("jndiRealm.exception"), e); - // Close the connection so that it gets reopened next time - if (context != null) + // close the connection so we know it will be reopened. + if (context != null) { close(context); + } // Return "not authenticated" for this request - if (containerLog.isDebugEnabled()) + if (containerLog.isDebugEnabled()) { containerLog.debug("Returning null principal."); + } return null; - } - } - // -------------------------------------------------------- Package Methods - - - // ------------------------------------------------------ Protected Methods - - /** * Return the Principal associated with the specified username and * credentials, if there is one; otherwise return <code>null</code>. @@ -1432,22 +1346,18 @@ public class JNDIRealm extends RealmBase { * * @exception NamingException if a directory server error occurs */ - public synchronized Principal authenticate(DirContext context, - String username, - String credentials) + public synchronized Principal authenticate(DirContext context, String username, String credentials) throws NamingException { - if (username == null || username.equals("") - || credentials == null || credentials.equals("")) { - if (containerLog.isDebugEnabled()) + if (username == null || username.equals("") || credentials == null || credentials.equals("")) { + if (containerLog.isDebugEnabled()) { containerLog.debug("username null or empty: returning null principal."); + } return null; } if (userPatternArray != null) { - for (int curUserPattern = 0; - curUserPattern < userPatternFormatArray.length; - curUserPattern++) { + for (int curUserPattern = 0; curUserPattern < userPatternFormatArray.length; curUserPattern++) { // Retrieve user information User user = getUser(context, username, credentials, curUserPattern); if (user != null) { 
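Review bot: The guard at the top of `authenticate(DirContext, String, String)` also rejects null or empty `credentials`, but its debug message mentions only the username and nothing explains why an empty password is refused. That check is security-relevant: a simple bind with an empty password is an unauthenticated bind, which many directory servers accept, so removing the check could turn an empty password into a successful login on the bind-as-user path. I would add a comment above the `if`, such as `// Never pass empty credentials on: an LDAP simple bind with an empty password is an unauthenticated bind and may succeed.` The message should then read `"username or credentials null or empty: returning null principal."`. The method body continues outside the hunk.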
@@ -1475,12 +1385,14 @@ public class JNDIRealm extends RealmBase { } else { // Retrieve user information User user = getUser(context, username, credentials); - if (user == null) + if (user == null) { return null; + } // Check the user's credentials - if (!checkCredentials(context, user, credentials)) + if (!checkCredentials(context, user, credentials)) { return null; + } // Search for additional roles List<String> roles = getRoles(context, user); @@ -1494,6 +1406,8 @@ public class JNDIRealm extends RealmBase { } + // ------------------------------------------------------ Protected Methods + /** * Return a User object containing information about the user * with the specified username, if found in the directory; @@ -1506,9 +1420,7 @@ public class JNDIRealm extends RealmBase { * * @see #getUser(DirContext, String, String, int) */ - protected User getUser(DirContext context, String username) - throws NamingException { - + protected User getUser(DirContext context, String username) throws NamingException { return getUser(context, username, null, -1); } @@ -1526,9 +1438,7 @@ public class JNDIRealm extends RealmBase { * * @see #getUser(DirContext, String, String, int) */ - protected User getUser(DirContext context, String username, String credentials) - throws NamingException { - + protected User getUser(DirContext context, String username, String credentials) throws NamingException { return getUser(context, username, credentials, -1); } 
@@ -1551,18 +1461,19 @@ public class JNDIRealm extends RealmBase { * @return the User object * @exception NamingException if a directory server error occurs */ - protected User getUser(DirContext context, String username, - String credentials, int curUserPattern) - throws NamingException { + protected User getUser(DirContext context, String username, String credentials, int curUserPattern) + throws NamingException { User user = null; // Get attributes to retrieve from user entry - ArrayList<String> list = new ArrayList<String>(); - if (userPassword != null) + List<String> list = new ArrayList<String>(); + if (userPassword != null) { list.add(userPassword); - if (userRoleName != null) + } + if (userRoleName != null) { list.add(userRoleName); + } if (userRoleAttribute != null) { list.add(userRoleAttribute); } @@ -1594,8 +1505,7 @@ public class JNDIRealm extends RealmBase { if (userPassword == null && credentials != null && user != null) { // The password is available. Insert it since it may be required for // role searches. - return new User(user.getUserName(), user.getDN(), credentials, - user.getRoles(), user.getUserRoleId()); + return new User(user.getUserName(), user.getDN(), credentials, user.getRoles(), user.getUserRoleId()); } return user; @@ -1615,11 +1525,8 @@ public class JNDIRealm extends RealmBase { * @return the User object * @exception NamingException if a directory server error occurs */ - protected User getUserByPattern(DirContext context, - String username, - String[] attrIds, - String dn) - throws NamingException { + protected User getUserByPattern(DirContext context, String username, String[] attrIds, String dn) + throws NamingException { // If no attributes are requested, no need to look for them if (attrIds == null || attrIds.length == 0) { 
@@ -1633,13 +1540,15 @@ public class JNDIRealm extends RealmBase { } catch (NameNotFoundException e) { return null; } - if (attrs == null) + if (attrs == null) { return null; + } // Retrieve value of userPassword String password = null; - if (userPassword != null) + if (userPassword != null) { password = getAttributeValue(userPassword, attrs); + } String userRoleAttrValue = null; if (userRoleAttribute != null) { @@ -1648,8 +1557,9 @@ public class JNDIRealm extends RealmBase { // Retrieve values of userRoleName attribute ArrayList<String> roles = null; - if (userRoleName != null) + if (userRoleName != null) { roles = addAttributeValues(userRoleName, attrs, roles); + } return new User(username, dn, password, roles, userRoleAttrValue); } @@ -1670,17 +1580,14 @@ public class JNDIRealm extends RealmBase { * @exception NamingException if a directory server error occurs * @see #getUserByPattern(DirContext, String, String[], String) */ - protected User getUserByPattern(DirContext context, - String username, - String credentials, - String[] attrIds, - int curUserPattern) - throws NamingException { + protected User getUserByPattern(DirContext context, String username, String credentials, String[] attrIds, + int curUserPattern) throws NamingException { User user = null; - if (username == null || userPatternFormatArray[curUserPattern] == null) + if (username == null || userPatternFormatArray[curUserPattern] == null) { return null; + } // Form the dn from the user pattern String dn = userPatternFormatArray[curUserPattern].format(new String[] { username }); 
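Review bot: In the `@@ -1670,17 +1580,14 @@` hunk the DN is built with `userPatternFormatArray[curUserPattern].format(new String[] { username })`, and no escaping of `username` is visible before it is substituted. The login name comes from the authentication request, so DN special characters in it can change which entry is addressed. Unless a caller outside the hunk already does this, the value should be escaped for distinguished-name context (RFC 4514) before formatting. The same applies to `userSearchFormat.format(new String[] { username })` in the `getUserBySearch` hunk (`@@ -1715,13 +1622,12 @@`), where the value needs search-filter escaping (RFC 4515) instead. Both method bodies continue outside their hunks, so this is worth confirming against the full file.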
@@ -1715,13 +1622,12 @@ public class JNDIRealm extends RealmBase { * @return the User object * @exception NamingException if a directory server error occurs */ - protected User getUserBySearch(DirContext context, - String username, - String[] attrIds) - throws NamingException { + protected User getUserBySearch(DirContext context, String username, String[] attrIds) + throws NamingException { - if (username == null || userSearchFormat == null) + if (username == null || userSearchFormat == null) { return null; + } // Form the search filter String filter = userSearchFormat.format(new String[] { username }); @@ -1739,12 +1645,12 @@ public class JNDIRealm extends RealmBase { constraints.setTimeLimit(timeLimit); // Specify the attributes to be retrieved - if (attrIds == null) + if (attrIds == null) { attrIds = new String[0]; + } constraints.setReturningAttributes(attrIds); - NamingEnumeration<SearchResult> results = - context.search(userBase, filter, constraints); + NamingEnumeration<SearchResult> results = context.search(userBase, filter, constraints); try { // Fail if no entries found @@ -1753,10 +1659,11 @@ public class JNDIRealm extends RealmBase { return null; } } catch (PartialResultException ex) { - if (!adCompat) + if (!adCompat) { throw ex; - else + } else { return null; + } } // Get result for the first entry found 
@@ -1765,29 +1672,34 @@ public class JNDIRealm extends RealmBase { // Check no further entries were found try { if (results.hasMore()) { - if(containerLog.isInfoEnabled()) + if (containerLog.isInfoEnabled()) { containerLog.info("username " + username + " has multiple entries"); + } return null; } } catch (PartialResultException ex) { - if (!adCompat) + if (!adCompat) { throw ex; + } } String dn = getDistinguishedName(context, userBase, result); - if (containerLog.isTraceEnabled()) + if (containerLog.isTraceEnabled()) { containerLog.trace(" entry found for " + username + " with dn " + dn); + } // Get the entry's attributes Attributes attrs = result.getAttributes(); - if (attrs == null) + if (attrs == null) { return null; + } // Retrieve value of userPassword String password = null; - if (userPassword != null) + if (userPassword != null) { password = getAttributeValue(userPassword, attrs); + } String userRoleAttrValue = null; if (userRoleAttribute != null) { @@ -1796,8 +1708,9 @@ public class JNDIRealm extends RealmBase { // Retrieve values of userRoleName attribute ArrayList<String> roles = null; - if (userRoleName != null) + if (userRoleName != null) { roles = addAttributeValues(userRoleName, attrs, roles); + } return new User(username, dn, password, roles, userRoleAttrValue); } finally { 
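Review bot: In the `@@ -1765,29 +1672,34 @@` hunk, `containerLog.info("username " + username + " has multiple entries")` writes the caller-supplied login name into the log by plain concatenation at info level. A name containing line breaks could forge extra log lines, and the hard-coded English text bypasses the `sm.getString(...)` lookup used for the other realm messages in this file. I would move it to a message key, `containerLog.info(sm.getString("<message-key>", username));` (the key is a placeholder), and neutralise CR/LF in the value unless the log layout already does. The trace line `" entry found for " + username + " with dn " + dn` has the same shape but is lower risk at trace level. Returning `null` on an ambiguous match is the right fail-closed behaviour and deserves a short comment.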
@@ -1823,30 +1736,25 @@ public class JNDIRealm extends RealmBase { * @return <code>true</code> if the credentials are validated * @exception NamingException if a directory server error occurs */ - protected boolean checkCredentials(DirContext context, - User user, - String credentials) - throws NamingException { + protected boolean checkCredentials(DirContext context, User user, String credentials) throws NamingException { - boolean validated = false; + boolean validated = false; - if (userPassword == null) { - validated = bindAsUser(context, user, credentials); - } else { - validated = compareCredentials(context, user, credentials); - } + if (userPassword == null) { + validated = bindAsUser(context, user, credentials); + } else { + validated = compareCredentials(context, user, credentials); + } - if (containerLog.isTraceEnabled()) { - if (validated) { - containerLog.trace(sm.getString("jndiRealm.authenticateSuccess", - user.getUserName())); - } else { - containerLog.trace(sm.getString("jndiRealm.authenticateFailure", - user.getUserName())); - } - } - return validated; - } + if (containerLog.isTraceEnabled()) { + if (validated) { + containerLog.trace(sm.getString("jndiRealm.authenticateSuccess", user.getUserName())); + } else { + containerLog.trace(sm.getString("jndiRealm.authenticateFailure", user.getUserName())); + } + } + return validated; + } /** 
@@ -1859,17 +1767,15 @@ public class JNDIRealm extends RealmBase { * @return <code>true</code> if the credentials are validated * @exception NamingException if a directory server error occurs */ - protected boolean compareCredentials(DirContext context, - User info, - String credentials) - throws NamingException { - + protected boolean compareCredentials(DirContext context, User info, String credentials) throws NamingException { // Validate the credentials specified by the user - if (containerLog.isTraceEnabled()) + if (containerLog.isTraceEnabled()) { containerLog.trace(" validating credentials"); + } - if (info == null || credentials == null) + if (info == null || credentials == null) { return false; + } String password = info.getPassword(); @@ -1886,21 +1792,20 @@ public class JNDIRealm extends RealmBase { * @return <code>true</code> if the credentials are validated * @exception NamingException if a directory server error occurs */ - protected boolean bindAsUser(DirContext context, - User user, - String credentials) - throws NamingException { + protected boolean bindAsUser(DirContext context, User user, String credentials) throws NamingException { - if (credentials == null || user == null) - return false; + if (credentials == null || user == null) { + return false; + } - String dn = user.getDN(); - if (dn == null) - return false; + String dn = user.getDN(); + if (dn == null) { + return false; + } - // Validate the credentials specified by the user - if (containerLog.isTraceEnabled()) { - containerLog.trace(" validating credentials by binding as the user"); + // Validate the credentials specified by the user + if (containerLog.isTraceEnabled()) { + containerLog.trace(" validating credentials by binding as the user"); } userCredentialsAdd(context, dn, credentials); 
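Review bot: The `bindAsUser` hunk (`@@ -1886,21 +1792,20 @@`) ends on `userCredentialsAdd(context, dn, credentials)`, which puts the user's DN and password into the environment of the `DirContext` passed in by the caller. The matching `userCredentialsRemove(context)` call is outside the hunk, so I cannot see whether it runs when the bind attempt throws something other than an authentication failure. If it is not already in a `finally`, I would wrap the bind as `try { ... } finally { userCredentialsRemove(context); }`. That way a failed login cannot leave that user's identity on a context which later requests reuse. A one-line comment stating this invariant next to the `userCredentialsAdd` call would also help.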
@@ -1925,48 +1830,47 @@ public class JNDIRealm extends RealmBase { return validated; } - /** - * Configure the context to use the provided credentials for - * authentication. - * - * @param context DirContext to configure - * @param dn Distinguished name of user - * @param credentials Credentials of user - * @exception NamingException if a directory server error occurs - */ - private void userCredentialsAdd(DirContext context, String dn, - String credentials) throws NamingException { + + /** + * Configure the context to use the provided credentials for + * authentication. + * + * @param context DirContext to configure + * @param dn Distinguished name of user + * @param credentials Credentials of user + * @exception NamingException if a directory server error occurs + */ + private void userCredentialsAdd(DirContext context, String dn, String credentials) throws NamingException { // Set up security environment to bind as the user context.addToEnvironment(Context.SECURITY_PRINCIPAL, dn); context.addToEnvironment(Context.SECURITY_CREDENTIALS, credentials); } + /** * Configure the context to use {@link #connectionName} and * {@link #connectionPassword} if specified or an anonymous connection if * those attributes are not specified. 
* - * @param context DirContext to configure - * @exception NamingException if a directory server error occurs + * @param context DirContext to configure + * @exception NamingException if a directory server error occurs */ - private void userCredentialsRemove(DirContext context) - throws NamingException { + private void userCredentialsRemove(DirContext context) throws NamingException { // Restore the original security environment if (connectionName != null) { - context.addToEnvironment(Context.SECURITY_PRINCIPAL, - connectionName); + context.addToEnvironment(Context.SECURITY_PRINCIPAL, connectionName); } else { context.removeFromEnvironment(Context.SECURITY_PRINCIPAL); } if (connectionPassword != null) { - context.addToEnvironment(Context.SECURITY_CREDENTIALS, - connectionPassword); + context.addToEnvironment(Context.SECURITY_CREDENTIALS, connectionPassword); } else { context.removeFromEnvironment(Context.SECURITY_CREDENTIALS); } } + /** * Return a List of roles associated with the given User. Any * roles present in the user's directory entry are supplemented by @@ -1978,21 +1882,23 @@ public class JNDIRealm extends RealmBase { * @return the list of role names * @exception NamingException if a directory server error occurs */ - protected List<String> getRoles(DirContext context, User user) - throws NamingException { + protected List<String> getRoles(DirContext context, User user) throws NamingException { - if (user == null) + if (user == null) { return null; + } String dn = user.getDN(); String username = user.getUserName(); String userRoleId = user.getUserRoleId(); - if (dn == null || username == null) + if (dn == null || username == null) { return null; + } - if (containerLog.isTraceEnabled()) + if (containerLog.isTraceEnabled()) { containerLog.trace(" getRoles(" + dn + ")"); + } // Start with roles retrieved from the user entry List<String> list = new ArrayList<String>(); 
@@ -2000,8 +1906,9 @@ public class JNDIRealm extends RealmBase { if (userRoles != null) { list.addAll(userRoles); } - if (commonRole != null) + if (commonRole != null) { list.add(commonRole); + } if (containerLog.isTraceEnabled()) { containerLog.trace(" Found " + list.size() + " user internal roles"); @@ -2009,16 +1916,18 @@ public class JNDIRealm extends RealmBase { } // Are we configured to do role searches? - if ((roleFormat == null) || (roleName == null)) + if ((roleFormat == null) || (roleName == null)) { return list; + } // Set up parameters for an appropriate search String filter = roleFormat.format(new String[] { doRFC2254Encoding(dn), username, userRoleId }); SearchControls controls = new SearchControls(); - if (roleSubtree) + if (roleSubtree) { controls.setSearchScope(SearchControls.SUBTREE_SCOPE); - else + } else { controls.setSearchScope(SearchControls.ONELEVEL_SCOPE); + } controls.setReturningAttributes(new String[] {roleName}); String base = null; @@ -2038,16 +1947,18 @@ public class JNDIRealm extends RealmBase { NamingEnumeration<SearchResult> results = searchAsUser(context, user, base, filter, controls, isRoleSearchAsUser()); - if (results == null) + if (results == null) { return list; // Should never happen, but just in case ... + } - HashMap<String, String> groupMap = new HashMap<String, String>(); + Map<String, String> groupMap = new HashMap<String, String>(); try { while (results.hasMore()) { SearchResult result = results.next(); Attributes attrs = result.getAttributes(); - if (attrs == null) + if (attrs == null) { continue; + } String dname = getDistinguishedName(context, roleBase, result); String name = getAttributeValue(roleName, attrs); if (name != null && dname != null) { @@ -2055,8 +1966,9 @@ public class JNDIRealm extends RealmBase { } } } catch (PartialResultException ex) { - if (!adCompat) + if (!adCompat) { throw ex; + } } finally { results.close(); } 
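Review bot: The role-search filter is built with `roleFormat.format(new String[] { doRFC2254Encoding(dn), username, userRoleId })`, which escapes only the DN; `username` and `userRoleId` reach the LDAP filter unescaped. If either value can contain filter metacharacters (a login name supplied by the client, or an attribute value read from the directory), the role filter can match entries it was not meant to and change the roles assigned. Unless both values are escaped before they reach `getRoles`, which this hunk does not show, I would pass them through the same helper, `doRFC2254Encoding(username), doRFC2254Encoding(userRoleId)`, after confirming the helper tolerates a null `userRoleId`. `getRoles` starts and ends outside this hunk.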
@@ -2088,15 +2000,15 @@ public class JNDIRealm extends RealmBase { containerLog.trace("Perform a nested group search with base "+ roleBase + " and filter " + filter); } - results = searchAsUser(context, user, roleBase, filter, controls, - isRoleSearchAsUser()); + results = searchAsUser(context, user, roleBase, filter, controls, isRoleSearchAsUser()); try { while (results.hasMore()) { SearchResult result = results.next(); Attributes attrs = result.getAttributes(); - if (attrs == null) + if (attrs == null) { continue; + } String dname = getDistinguishedName(context, roleBase, result); String name = getAttributeValue(roleName, attrs); if (name != null && dname != null && !groupMap.keySet().contains(dname)) { @@ -2106,12 +2018,12 @@ public class JNDIRealm extends RealmBase { if (containerLog.isTraceEnabled()) { containerLog.trace(" Found nested role " + dname + " -> " + name); } - } - } + } } catch (PartialResultException ex) { - if (!adCompat) + if (!adCompat) { throw ex; + } } finally { results.close(); } @@ -2125,6 +2037,7 @@ public class JNDIRealm extends RealmBase { return list; } + /** * Perform the search on the context as the {@code dn}, when * {@code searchAsUser} is {@code true}, otherwise search the context with @@ -2147,8 +2060,7 @@ public class JNDIRealm extends RealmBase { * @throws NamingException * if a directory server error occurs */ - private NamingEnumeration<SearchResult> searchAsUser(DirContext context, - User user, String base, String filter, + private NamingEnumeration<SearchResult> searchAsUser(DirContext context, User user, String base, String filter, SearchControls controls, boolean searchAsUser) throws NamingException { NamingEnumeration<SearchResult> results; try { 
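Review bot: `!groupMap.keySet().contains(dname)` in the nested-group loop builds a key-set view only to ask a membership question; `!groupMap.containsKey(dname)` says the same thing directly. The nested `searchAsUser` result is also iterated without the `results == null` guard that the first role search applies, so the two searches treat a null return differently. A matching guard, or a comment saying why none is needed, would make that difference intentional. The loop that encloses this code starts outside the hunk.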
@@ -2173,26 +2085,30 @@ public class JNDIRealm extends RealmBase { * @return the attribute value * @exception NamingException if a directory server error occurs */ - private String getAttributeValue(String attrId, Attributes attrs) - throws NamingException { + private String getAttributeValue(String attrId, Attributes attrs) throws NamingException { - if (containerLog.isTraceEnabled()) + if (containerLog.isTraceEnabled()) { containerLog.trace(" retrieving attribute " + attrId); + } - if (attrId == null || attrs == null) + if (attrId == null || attrs == null) { return null; + } Attribute attr = attrs.get(attrId); - if (attr == null) + if (attr == null) { return null; + } Object value = attr.get(); - if (value == null) + if (value == null) { return null; + } String valueString = null; - if (value instanceof byte[]) + if (value instanceof byte[]) { valueString = new String((byte[]) value); - else + } else { valueString = value.toString(); + } return valueString; } @@ -2207,20 +2123,22 @@ public class JNDIRealm extends RealmBase { * @return the list of attribute values * @exception NamingException if a directory server error occurs */ - private ArrayList<String> addAttributeValues(String attrId, - Attributes attrs, - ArrayList<String> values) - throws NamingException{ + private ArrayList<String> addAttributeValues(String attrId, Attributes attrs, ArrayList<String> values) + throws NamingException { - if (containerLog.isTraceEnabled()) + if (containerLog.isTraceEnabled()) { containerLog.trace(" retrieving values for attribute " + attrId); - if (attrId == null || attrs == null) + } + if (attrId == null || attrs == null) { return values; - if (values == null) + } + if (values == null) { values = new ArrayList<String>(); + } Attribute attr = attrs.get(attrId); - if (attr == null) + if (attr == null) { return values; + } NamingEnumeration<?> e = attr.getAll(); try { while(e.hasMore()) { 
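Review bot: `new String((byte[]) value)` in `getAttributeValue` decodes a binary attribute value with the JVM's default charset, so the same directory entry can yield different strings on hosts with different default encodings. This matters most if the helper is also used to read the stored password that is later compared with the presented credentials; that call site is not visible here. I would name the charset explicitly, for example `valueString = new String((byte[]) value, Charset.forName("UTF-8"));`, assuming the directory stores these values as UTF-8, and say so in the method javadoc.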
@@ -2228,8 +2146,9 @@ public class JNDIRealm extends RealmBase { values.add(value); } } catch (PartialResultException ex) { - if (!adCompat) + if (!adCompat) { throw ex; + } } finally { e.close(); } @@ -2245,8 +2164,9 @@ public class JNDIRealm extends RealmBase { protected void close(DirContext context) { // Do nothing if there is no opened connection - if (context == null) + if (context == null) { return; + } // Close tls startResponse if used if (tls != null) { @@ -2258,14 +2178,14 @@ public class JNDIRealm extends RealmBase { } // Close our opened connection try { - if (containerLog.isDebugEnabled()) + if (containerLog.isDebugEnabled()) { containerLog.debug("Closing directory context"); + } context.close(); } catch (NamingException e) { containerLog.error(sm.getString("jndiRealm.close"), e); } this.context = null; - } @@ -2299,9 +2219,9 @@ public class JNDIRealm extends RealmBase { } catch (NamingException e) { return null; } - } + /** * Get the principal associated with the specified certificate. * @param username The user name @@ -2312,9 +2232,9 @@ public class JNDIRealm extends RealmBase { return getPrincipal(username, null); } + @Override - protected Principal getPrincipal(GSSName gssName, - GSSCredential gssCredential) { + protected Principal getPrincipal(GSSName gssName, GSSCredential gssCredential) { String name = gssName.toString(); if (isStripRealmForGss()) { @@ -2328,15 +2248,14 @@ public class JNDIRealm extends RealmBase { return getPrincipal(name, gssCredential); } + @Override - protected Principal getPrincipal(String username, - GSSCredential gssCredential) { + protected Principal getPrincipal(String username, GSSCredential gssCredential) { DirContext context = null; Principal principal = null; try { - // Ensure that we have a directory context available context = open(); 
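Review bot: The handler `catch (NamingException e) { return null; }`, in the hunk just before the `getPrincipal(String username)` javadoc, discards the exception. A directory outage and a missing entry therefore look the same to the caller, and nothing reaches the log. I would log before returning, e.g. `containerLog.error(sm.getString("jndiRealm.exception"), e);`, which is the key the `NamingException` handler in `getPrincipal(String, GSSCredential)` already uses. The method this catch belongs to starts above the hunk.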
@@ -2353,8 +2272,9 @@ public class JNDIRealm extends RealmBase { containerLog.info(sm.getString("jndiRealm.exception.retry"), e); // close the connection so we know it will be reopened. - if (context != null) + if (context != null) { close(context); + } // open a new directory context. context = open(); @@ -2368,8 +2288,9 @@ public class JNDIRealm extends RealmBase { containerLog.info(sm.getString("jndiRealm.exception.retry"), e); // close the connection so we know it will be reopened. - if (context != null) + if (context != null) { close(context); + } // open a new directory context. context = open(); @@ -2379,7 +2300,6 @@ public class JNDIRealm extends RealmBase { } - // Release this context release(context); @@ -2387,7 +2307,6 @@ public class JNDIRealm extends RealmBase { return principal; } catch (NamingException e) { - // Log the problem for posterity containerLog.error(sm.getString("jndiRealm.exception"), e); @@ -2397,10 +2316,7 @@ public class JNDIRealm extends RealmBase { // Return "not authenticated" for this request return null; - } - - } @@ -2412,9 +2328,8 @@ public class JNDIRealm extends RealmBase { * @return the Principal associated with the given certificate. * @exception NamingException if a directory server error occurs */ - protected synchronized Principal getPrincipal(DirContext context, - String username, GSSCredential gssCredential) - throws NamingException { + protected synchronized Principal getPrincipal(DirContext context, String username, GSSCredential gssCredential) + throws NamingException { User user = null; List<String> roles = null; 
@@ -2425,12 +2340,9 @@ public class JNDIRealm extends RealmBase { // Preserve the current context environment parameters preservedEnvironment = context.getEnvironment(); // Set up context - context.addToEnvironment( - Context.SECURITY_AUTHENTICATION, "GSSAPI"); - context.addToEnvironment( - "javax.security.sasl.server.authentication", "true"); - context.addToEnvironment( - "javax.security.sasl.qop", spnegoDelegationQop); + context.addToEnvironment(Context.SECURITY_AUTHENTICATION, "GSSAPI"); + context.addToEnvironment("javax.security.sasl.server.authentication", "true"); + context.addToEnvironment("javax.security.sasl.qop", spnegoDelegationQop); // Note: Subject already set in SPNEGO authenticator so no need // for Subject.doAs() here } @@ -2440,23 +2352,20 @@ public class JNDIRealm extends RealmBase { } } finally { if (gssCredential != null && isUseDelegatedCredential()) { - restoreEnvironmentParameter(context, - Context.SECURITY_AUTHENTICATION, preservedEnvironment); - restoreEnvironmentParameter(context, - "javax.security.sasl.server.authentication", preservedEnvironment); - restoreEnvironmentParameter(context, "javax.security.sasl.qop", - preservedEnvironment); + restoreEnvironmentParameter(context, Context.SECURITY_AUTHENTICATION, preservedEnvironment); + restoreEnvironmentParameter(context, "javax.security.sasl.server.authentication", preservedEnvironment); + restoreEnvironmentParameter(context, "javax.security.sasl.qop", preservedEnvironment); } } if (user != null) { - return new GenericPrincipal(user.getUserName(), user.getPassword(), - roles, null, null, gssCredential); + return new GenericPrincipal(user.getUserName(), user.getPassword(), roles, null, null, gssCredential); } return null; } + private void restoreEnvironmentParameter(DirContext context, String parameterName, Hashtable<?, ?> preservedEnvironment) { try { 
@@ -2470,6 +2379,7 @@ public class JNDIRealm extends RealmBase { } } + /** * Open (if necessary) and return a connection to the configured * directory server for this Realm. @@ -2479,8 +2389,9 @@ public class JNDIRealm extends RealmBase { protected DirContext open() throws NamingException { // Do nothing if there is a directory server connection already open - if (context != null) + if (context != null) { return context; + } try { @@ -2498,27 +2409,21 @@ public class JNDIRealm extends RealmBase { // Not possible to reach this point and not throw an exception. // Later versions of Java allow us to simply use "throw e" here. } - connectionAttempt = 1; - // log the first exception. containerLog.info(sm.getString("jndiRealm.exception.retry"), e); - // Try connecting to the alternate url. context = createDirContext(getDirectoryContextEnvironment()); - } finally { - // reset it in case the connection times out. // the primary may come back. connectionAttempt = 0; - } return context; - } + private DirContext createDirContext(Hashtable<String, String> env) throws NamingException { if (useStartTls) { return createTlsDirContext(env); @@ -2527,13 +2432,13 @@ public class JNDIRealm extends RealmBase { } } + private SSLSocketFactory getSSLSocketFactory() { if (sslSocketFactory != null) { return sslSocketFactory; } final SSLSocketFactory result; - if (this.sslSocketFactoryClassName != null - && !sslSocketFactoryClassName.trim().equals("")) { + if (this.sslSocketFactoryClassName != null && !sslSocketFactoryClassName.trim().equals("")) { result = createSSLSocketFactoryFromClassName(this.sslSocketFactoryClassName); } else { result = createSSLContextFactoryFromProtocol(sslProtocol); @@ -2542,6 +2447,7 @@ public class JNDIRealm extends RealmBase { return result; } + private SSLSocketFactory createSSLSocketFactoryFromClassName(String className) { try { Object o = constructInstance(className); 
@@ -2583,6 +2489,7 @@ public class JNDIRealm extends RealmBase { } } + private SSLSocketFactory createSSLContextFactoryFromProtocol(String protocol) { try { SSLContext sslContext; @@ -2600,14 +2507,13 @@ public class JNDIRealm extends RealmBase { sm.getString("jndiRealm.invalidSslProtocol", protocol, allowedProtocols), e); } catch (KeyManagementException e) { - List<String> allowedProtocols = Arrays - .asList(getSupportedSslProtocols()); - throw new IllegalArgumentException( - sm.getString("jndiRealm.invalidSslProtocol", protocol, - allowedProtocols), e); + List<String> allowedProtocols = Arrays.asList(getSupportedSslProtocols()); + throw new IllegalArgumentException(sm.getString("jndiRealm.invalidSslProtocol", + protocol, allowedProtocols), e); } } + /** * Create a tls enabled LdapContext and set the StartTlsResponse tls * instance variable. @@ -2618,12 +2524,10 @@ public class JNDIRealm extends RealmBase { * @throws NamingException * when something goes wrong while negotiating the connection */ - private DirContext createTlsDirContext( - Hashtable<String, String> env) throws NamingException { + private DirContext createTlsDirContext(Hashtable<String, String> env) throws NamingException { Map<String, Object> savedEnv = new HashMap<String, Object>(); - for (String key : Arrays.asList(Context.SECURITY_AUTHENTICATION, - Context.SECURITY_CREDENTIALS, Context.SECURITY_PRINCIPAL, - Context.SECURITY_PROTOCOL)) { + for (String key : Arrays.asList(Context.SECURITY_AUTHENTICATION, Context.SECURITY_CREDENTIALS, + Context.SECURITY_PRINCIPAL, Context.SECURITY_PROTOCOL)) { Object entry = env.remove(key); if (entry != null) { savedEnv.put(key, entry); 
@@ -2632,8 +2536,7 @@ public class JNDIRealm extends RealmBase { LdapContext result = null; try { result = new InitialLdapContext(env, null); - tls = (StartTlsResponse) result - .extendedOperation(new StartTlsRequest()); + tls = (StartTlsResponse) result.extendedOperation(new StartTlsRequest()); if (getHostnameVerifier() != null) { tls.setHostnameVerifier(getHostnameVerifier()); } @@ -2642,22 +2545,21 @@ public class JNDIRealm extends RealmBase { } try { SSLSession negotiate = tls.negotiate(getSSLSocketFactory()); - containerLog.debug(sm.getString("jndiRealm.negotiatedTls", - negotiate.getProtocol())); + containerLog.debug(sm.getString("jndiRealm.negotiatedTls", negotiate.getProtocol())); } catch (IOException e) { throw new NamingException(e.getMessage()); } } finally { if (result != null) { for (Map.Entry<String, Object> savedEntry : savedEnv.entrySet()) { - result.addToEnvironment(savedEntry.getKey(), - savedEntry.getValue()); + result.addToEnvironment(savedEntry.getKey(), savedEntry.getValue()); } } } return result; } + /** * Create our directory context configuration. * 
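Review bot: `throw new NamingException(e.getMessage());` in the `catch (IOException e)` around `tls.negotiate(getSSLSocketFactory())` drops the original exception. A failed StartTLS handshake, such as a certificate or hostname verification failure, then surfaces as a bare message with no nested cause to diagnose it from. Keep the cause attached: `NamingException ne = new NamingException(e.getMessage()); ne.initCause(e); throw ne;`. The `containerLog.debug(...)` call just above also formats the negotiated protocol without the `isDebugEnabled()` check used elsewhere in this file.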
@@ -2668,31 +2570,41 @@ public class JNDIRealm extends RealmBase { Hashtable<String,String> env = new Hashtable<String,String>(); // Configure our directory context environment. - if (containerLog.isDebugEnabled() && connectionAttempt == 0) + if (containerLog.isDebugEnabled() && connectionAttempt == 0) { containerLog.debug("Connecting to URL " + connectionURL); - else if (containerLog.isDebugEnabled() && connectionAttempt > 0) + } else if (containerLog.isDebugEnabled() && connectionAttempt > 0) { containerLog.debug("Connecting to URL " + alternateURL); + } env.put(Context.INITIAL_CONTEXT_FACTORY, contextFactory); - if (connectionName != null) + if (connectionName != null) { env.put(Context.SECURITY_PRINCIPAL, connectionName); - if (connectionPassword != null) + } + if (connectionPassword != null) { env.put(Context.SECURITY_CREDENTIALS, connectionPassword); - if (connectionURL != null && connectionAttempt == 0) + } + if (connectionURL != null && connectionAttempt == 0) { env.put(Context.PROVIDER_URL, connectionURL); - else if (alternateURL != null && connectionAttempt > 0) + } else if (alternateURL != null && connectionAttempt > 0) { env.put(Context.PROVIDER_URL, alternateURL); - if (authentication != null) + } + if (authentication != null) { env.put(Context.SECURITY_AUTHENTICATION, authentication); - if (protocol != null) + } + if (protocol != null) { env.put(Context.SECURITY_PROTOCOL, protocol); - if (referrals != null) + } + if (referrals != null) { env.put(Context.REFERRAL, referrals); - if (derefAliases != null) + } + if (derefAliases != null) { env.put(JNDIRealm.DEREF_ALIASES, derefAliases); - if (connectionTimeout != null) + } + if (connectionTimeout != null) { env.put("com.sun.jndi.ldap.connect.timeout", connectionTimeout); - if (readTimeout != null) + } + if (readTimeout != null) { env.put("com.sun.jndi.ldap.read.timeout", readTimeout); + } return env; 
@@ -2705,15 +2617,12 @@ public class JNDIRealm extends RealmBase { * @param context The directory context to release */ protected void release(DirContext context) { - // NO-OP since we are not pooling anything - } // ------------------------------------------------------ Lifecycle Methods - /** * Prepare for the beginning of active use of the public methods of this * component and implement the requirements of @@ -2748,16 +2657,15 @@ public class JNDIRealm extends RealmBase { * @exception LifecycleException if this component detects a fatal error * that needs to be reported */ - @Override + @Override protected void stopInternal() throws LifecycleException { - super.stopInternal(); - // Close any open directory server connection close(this.context); } + /** * Given a string containing LDAP patterns for user locations (separated by * parentheses in a pseudo-LDAP search string format - @@ -2771,7 +2679,7 @@ public class JNDIRealm extends RealmBase { protected String[] parseUserPatternString(String userPatternString) { if (userPatternString != null) { - ArrayList<String> pathList = new ArrayList<String>(); + List<String> pathList = new ArrayList<String>(); int startParenLoc = userPatternString.indexOf('('); if (startParenLoc == -1) { // no parens here; return whole thing @@ -2792,8 +2700,7 @@ public class JNDIRealm extends RealmBase { while (userPatternString.charAt(endParenLoc - 1) == '\\') { endParenLoc = userPatternString.indexOf(')', endParenLoc+1); } - String nextPathPart = userPatternString.substring - (startParenLoc+1, endParenLoc); + String nextPathPart = userPatternString.substring(startParenLoc+1, endParenLoc); pathList.add(nextPathPart); startingPoint = endParenLoc+1; startParenLoc = userPatternString.indexOf('(', startingPoint); @@ -2801,7 +2708,6 @@ public class JNDIRealm extends RealmBase { return pathList.toArray(new String[] {}); } return null; - } 
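Review bot: The escape-skipping loop `while (userPatternString.charAt(endParenLoc - 1) == '\\')` in `parseUserPatternString` reassigns `endParenLoc` from `indexOf(')', endParenLoc+1)` and never checks for -1. If the last `)` in the pattern is escaped, the next `charAt(endParenLoc - 1)` gets a negative index and throws `StringIndexOutOfBoundsException`, not a configuration error that names the bad pattern. I would test `endParenLoc == -1` inside the loop and fail with an `IllegalArgumentException` that names the pattern, or at least state the requirement in the method javadoc. The enclosing loop starts outside this hunk.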
@@ -2857,49 +2763,42 @@ public class JNDIRealm extends RealmBase { * @return String containing the distinguished name * @exception NamingException if a directory server error occurs */ - protected String getDistinguishedName(DirContext context, String base, - SearchResult result) throws NamingException { + protected String getDistinguishedName(DirContext context, String base, SearchResult result) throws NamingException { // Get the entry's distinguished name. For relative results, this means // we need to composite a name with the base name, the context name, and // the result name. For non-relative names, use the returned name. + String resultName = result.getName(); Name name; if (result.isRelative()) { - if (containerLog.isTraceEnabled()) { - containerLog.trace(" search returned relative name: " + - result.getName()); - } - NameParser parser = context.getNameParser(""); - Name contextName = parser.parse(context.getNameInNamespace()); - Name baseName = parser.parse(base); - - // Bugzilla 32269 - Name entryName = - parser.parse(new CompositeName(result.getName()).get(0)); - - name = contextName.addAll(baseName); - name = name.addAll(entryName); + if (containerLog.isTraceEnabled()) { + containerLog.trace(" search returned relative name: " + resultName); + } + NameParser parser = context.getNameParser(""); + Name contextName = parser.parse(context.getNameInNamespace()); + Name baseName = parser.parse(base); + + // Bugzilla 32269 + Name entryName = parser.parse(new CompositeName(resultName).get(0)); + + name = contextName.addAll(baseName); + name = name.addAll(entryName); } else { - String absoluteName = result.getName(); - if (containerLog.isTraceEnabled()) - containerLog.trace(" search returned absolute name: " + - result.getName()); - try { - // Normalize the name by running it through the name parser. 
- NameParser parser = context.getNameParser(""); - URI userNameUri = new URI(absoluteName); - String pathComponent = userNameUri.getPath(); - // Should not ever have an empty path component, since that is /{DN} - if (pathComponent.length() < 1 ) { - throw new InvalidNameException( - "Search returned unparseable absolute name: " + - absoluteName ); - } - name = parser.parse(pathComponent.substring(1)); - } catch ( URISyntaxException e ) { - throw new InvalidNameException( - "Search returned unparseable absolute name: " + - absoluteName ); - } + if (containerLog.isTraceEnabled()) { + containerLog.trace(" search returned absolute name: " + resultName); + } + try { + // Normalize the name by running it through the name parser. + NameParser parser = context.getNameParser(""); + URI userNameUri = new URI(resultName); + String pathComponent = userNameUri.getPath(); + // Should not ever have an empty path component, since that is /{DN} + if (pathComponent.length() < 1 ) { + throw new InvalidNameException("Search returned unparseable absolute name: " + resultName); + } + name = parser.parse(pathComponent.substring(1)); + } catch ( URISyntaxException e ) { + throw new InvalidNameException("Search returned unparseable absolute name: " + resultName); + } } if (getForceDnHexEscape()) { @@ -2987,7 +2886,7 @@ public class JNDIRealm extends RealmBase { } - // ------------------------------------------------------ Private Classes + // ------------------------------------------------------ Protected Classes /** * A protected class representing a User @@ -3000,9 +2899,7 @@ public class JNDIRealm extends RealmBase { private final List<String> roles; private final String userRoleId; - - public User(String username, String dn, String password, - List<String> roles, String userRoleId) { + public User(String username, String dn, String password, List<String> roles, String userRoleId) { this.username = username; this.dn = dn; this.password = password; 
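Review bot: In the absolute-name branch of `getDistinguishedName`, `userNameUri.getPath()` returns null when the returned name parses as an opaque URI. `pathComponent.length()` then throws `NullPointerException`, not the `InvalidNameException` this method uses for unparseable names. The name comes from the directory server's search result, so I would fold the null case into the existing check: `if (pathComponent == null || pathComponent.length() < 1 ) {`. The method continues past the end of the hunk with the `getForceDnHexEscape()` handling.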
@@ -3035,4 +2932,3 @@ public class JNDIRealm extends RealmBase { } } } - --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org