Author: markt
Date: Sun Apr 11 12:51:40 2010
New Revision: 932884
URL: http://svn.apache.org/viewvc?rev=932884&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48629
Allow user names as well as DNs to be used with the nested role search
Add roleNested to the docs
Patch provided by Felix Schumacher
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/docs/realm-howto.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=932884&r1=932883&r2=932884&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Apr 11 12:51:40 2010
@@ -99,14 +99,6 @@ PATCHES PROPOSED TO BACKPORT:
+1: kkolinko, markt, rjung
-1:
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48629
- Allow user names as well as DNs to be used with the nested role search
- Add roleNested to the docs
- Patch provided by Felix Schumacher
- http://svn.apache.org/viewvc?rev=920422&view=rev
- +1: markt, kkolinko, rjung
- -1:
-
* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=48729
Return roles defined by both userRoleName and roleName mechanisms
Patch provided by 'eric'
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=932884&r1=932883&r2=932884&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/JNDIRealm.java Sun Apr
11 12:51:40 2010
@@ -29,7 +29,9 @@ import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
+import java.util.Map;
import java.util.Set;
+import java.util.Map.Entry;
import javax.naming.Context;
import javax.naming.CommunicationException;
@@ -1679,12 +1681,12 @@ public class JNDIRealm extends RealmBase
// Directory Groups". It avoids group slurping and handles cyclic
group memberships as well.
// See http://middleware.internet2.edu/dir/ for details
- Set<String> newGroupDNs = new HashSet<String>(groupMap.keySet());
- while (!newGroupDNs.isEmpty()) {
- Set<String> newThisRound = new HashSet<String>(); // Stores
the groups we find in this iteration
+ Map<String, String> newGroups = new
HashMap<String,String>(groupMap);
+ while (!newGroups.isEmpty()) {
+ Map<String, String> newThisRound = new HashMap<String,
String>(); // Stores the groups we find in this iteration
- for (String groupDN : newGroupDNs) {
- filter = roleFormat.format(new String[] { groupDN });
+ for (Entry<String, String> group : newGroups.entrySet()) {
+ filter = roleFormat.format(new String[] { group.getKey(),
group.getValue() });
if (containerLog.isTraceEnabled()) {
containerLog.trace("Perform a nested group search with
base "+ roleBase + " and filter " + filter);
@@ -1702,7 +1704,7 @@ public class JNDIRealm extends RealmBase
String name = getAttributeValue(roleName, attrs);
if (name != null && dname != null &&
!groupMap.keySet().contains(dname)) {
groupMap.put(dname, name);
- newThisRound.add(dname);
+ newThisRound.put(dname, name);
if (containerLog.isTraceEnabled()) {
containerLog.trace(" Found nested role "
+ dname + " -> " + name);
@@ -1716,7 +1718,7 @@ public class JNDIRealm extends RealmBase
}
}
- newGroupDNs = newThisRound;
+ newGroups = newThisRound;
}
}
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=932884&r1=932883&r2=932884&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sun Apr 11 12:51:40 2010
@@ -46,6 +46,11 @@
identification. (markt)
</add>
<fix>
+ <bug>48629</bug>: Allow user names as well as DNs to be used with the
+ nested role search. Add roleNested to the documentation. Patch provided
+ by Felix Schumacher. (markt)
+ </fix>
+ <fix>
<bug>48661</bug>: Make error page behavior consistent, regardless of
how
the error page is defined. If a response has been committed, always
include the error page. (markt)
Modified: tomcat/tc6.0.x/trunk/webapps/docs/realm-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/realm-howto.xml?rev=932884&r1=932883&r2=932884&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/realm-howto.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/realm-howto.xml Sun Apr 11 12:51:40 2010
@@ -651,6 +651,12 @@ find the names of roles associated with
<li><strong>roleName</strong> - the attribute in a role entry
containing the name of that role.</li>
+<li><strong>roleNested</strong> - enable nested roles. Set to
+ <code>true</code> if you want to nest roles in roles. If configured
+ every newly found roleName and distinguished
+ Name will be recursively tried for a new role search.
+ The default value is <code>false</code>.</li>
+
</ul>
</li>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
