Author: markt Date: Tue Feb 22 11:48:09 2011 New Revision: 1073301 URL: http://svn.apache.org/viewvc?rev=1073301&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=21669 Add the ability to specify the roleBase for the JNDI Realm as relative to the user's DN. Based on a patch by Art W.
Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java tomcat/trunk/webapps/docs/changelog.xml tomcat/trunk/webapps/docs/config/realm.xml Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=1073301&r1=1073300&r2=1073301&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java (original) +++ tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java Tue Feb 22 11:48:09 2011 @@ -330,6 +330,13 @@ public class JNDIRealm extends RealmBase /** * The MessageFormat object associated with the current + * <code>roleBase</code>. + */ + protected MessageFormat roleBaseFormat = null; + + + /** + * The MessageFormat object associated with the current * <code>roleSearch</code>. */ protected MessageFormat roleFormat = null; @@ -697,6 +704,10 @@ public class JNDIRealm extends RealmBase public void setRoleBase(String roleBase) { this.roleBase = roleBase; + if (roleBase == null) + roleBaseFormat = null; + else + roleBaseFormat = new MessageFormat(roleBase); } 
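Review bot: In `setRoleBase`, `new MessageFormat(roleBase)` now applies MessageFormat pattern syntax to every configured value, so a roleBase containing an apostrophe or a literal brace is no longer used verbatim. A single `'` is consumed as a quote character, and an unmatched `{` makes the setter throw IllegalArgumentException. Because this string becomes the base of the search that determines a user's roles, the setter's Javadoc and the realm documentation should say that a literal apostrophe has to be written as `''`. As a point of style, the new `if`/`else` would be safer with braces around both branches. The setter's Javadoc lies outside the hunk.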
@@ -1698,13 +1709,24 @@ public class JNDIRealm extends RealmBase controls.setSearchScope(SearchControls.ONELEVEL_SCOPE); controls.setReturningAttributes(new String[] {roleName}); + String base = null; + if (roleBaseFormat != null) { + NameParser np = context.getNameParser(""); + Name name = np.parse(dn); + String nameParts[] = new String[name.size()]; + for (int i = 0; i < name.size(); i++) { + nameParts[i] = name.get(i); + } + base = roleBaseFormat.format(nameParts); + } + // Perform the configured search and process the results NamingEnumeration<SearchResult> results = null; try { if (roleSearchAsUser) { userCredentialsAdd(context, dn, user.getPassword()); } - results = context.search(roleBase, filter, controls); + results = context.search(base, filter, controls); } finally { if (roleSearchAsUser) { userCredentialsRemove(context); Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1073301&r1=1073300&r2=1073301&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Tue Feb 22 11:48:09 2011 
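Review bot: `base` stays `null` whenever `roleBaseFormat` is null and is then passed to `context.search(base, filter, controls)`, where the old code passed `roleBase`; with no roleBase configured (the documented "top-level element" case) the setter has presumably never run, so the role search would receive a null name instead of the field's value. Initialising with `String base = roleBase;` keeps the previous argument on that path. Separately, `roleBaseFormat.format(nameParts)` leaves a placeholder such as `{3}` in the result when the user's DN has fewer name parts than the pattern refers to, so a comment such as `// an index beyond the DN's name parts stays as literal "{n}"; the search is then expected to fail` would record the intended outcome (to be confirmed against the directory's behaviour). The enclosing method starts and ends outside the hunk.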
@@ -49,6 +49,10 @@ <bug>19444</bug>: Add an option to the JNDI realm to allow role searches to be performed by the authenticated user. (markt) </add> + <add> + <bug>21669</bug>: Add the ability to specify the roleBase for the JNDI + Realm as relative to the users DN. Based on a patch by Art W. (markt) + </add> <fix> <bug>48863</bug>: Better logging when specifying an invalid directory for a class loader. Based on a patch by Ralf Hauser. (markt) Modified: tomcat/trunk/webapps/docs/config/realm.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/realm.xml?rev=1073301&r1=1073300&r2=1073301&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/config/realm.xml (original) +++ tomcat/trunk/webapps/docs/config/realm.xml Tue Feb 22 11:48:09 2011 @@ -387,9 +387,12 @@ </attribute> <attribute name="roleBase" required="false"> - <p>The base directory entry for performing role searches. If - not specified the top-level element in the directory context - will be used.</p> + <p>The base directory entry for performing role searches. If not + specified the top-level element in the directory context will be used. + If specified it may optionally include pattern replacements + "{0}".."{n}" corrosponding to the name parts of the + user's distinguished name (as returned by + <code>javax.naming.Name.get()</code>).</p> </attribute> <attribute name="roleName" required="false"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org