User: starksm
Date: 01/09/08 23:37:28
Modified: src/main/org/jboss/security/auth/spi LdapLoginModule.java
Log:
Add matchOnUserDN option flag to allow one to specify that user roles
should be matched against the full user distinguished name rather than
just the username.
Revision Changes Path
1.4 +18 -3
jbosssx/src/main/org/jboss/security/auth/spi/LdapLoginModule.java
Index: LdapLoginModule.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/spi/LdapLoginModule.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- LdapLoginModule.java 2001/08/03 20:29:03 1.3
+++ LdapLoginModule.java 2001/09/09 06:37:28 1.4
@@ -68,7 +68,10 @@
uidAttributeName : The name of the attribute that in the object containing
the user roles that corresponds to the userid. This is used to locate the
user roles.
-
+matchOnUserDN : A flag indicating if the search for user roles should match
+ on the user's fully distinguished name. If false just the username is used
+ as the match value. If true, the userDN is used as the match value.
+
A sample login config:
testLdap {
org.jboss.security.plugins.samples.LdapLoginModule required
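Review bot: The new matchOnUserDN entry does not say what happens when the option is absent or misspelled. From the parsing added later in this commit (`Boolean.valueOf(matchType)`), an unset option or any value other than "true" (case-insensitive) silently means false, so I would append `Defaults to false; any value other than "true" is treated as false.` to the entry. The neighbouring entry is titled uidAttributeName while the option constant in this file is "uidAttributeID"; since matchOnUserDN changes what is compared against that attribute, the documented name should match the key the code reads. The class comment starts and ends outside this hunk.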
@@ -83,7 +86,7 @@
};
@author [EMAIL PROTECTED]
- @version $Revision: 1.3 $
+ @version $Revision: 1.4 $
*/
public class LdapLoginModule extends UsernamePasswordLoginModule
{
@@ -93,6 +96,7 @@
private static final String ROLES_CTX_DN_OPT = "rolesCtxDN";
private static final String UID_ATTRIBUTE_ID_OPT = "uidAttributeID";
private static final String ROLE_ATTRIBUTE_ID_OPT = "roleAttributeID";
+ private static final String MATCH_ON_USER_DN_OPT = "matchOnUserDN";
public LdapLoginModule()
{
@@ -122,6 +126,12 @@
return roleSets;
}
+ /** Validate the inputPassword by creating a ldap InitialContext with the
+ SECURITY_CREDENTIALS set to the password.
+
+ @param inputPassword the password to validate.
+ @param expectedPassword ignored
+ */
protected boolean validatePassword(String inputPassword, String expectedPassword)
{
boolean isValid = false;
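Review bot: The new Javadoc on validatePassword omits an `@return` tag and does not say how an empty or null inputPassword is treated. That matters for a bind-based check: many LDAP servers treat a simple bind with a zero-length password as an unauthenticated bind and report success, so unless the body (outside this hunk) rejects empty passwords before creating the InitialContext, the method could return true without verifying anything. I would add `@return true if the bind succeeds, false otherwise` and a sentence stating that empty passwords are rejected, after confirming that the body actually does so.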
@@ -174,6 +184,8 @@
String principalDNSuffix = (String) options.get(PRINCIPAL_DN_SUFFIX_OPT);
if( principalDNSuffix == null )
principalDNSuffix="";
+ String matchType = (String) options.get(MATCH_ON_USER_DN_OPT);
+ boolean matchOnUserDN = Boolean.valueOf(matchType).booleanValue();
String userDN = principalDNPrefix + username + principalDNSuffix;
env.setProperty(Context.PROVIDER_URL, providerURL);
env.setProperty(Context.SECURITY_PRINCIPAL, userDN);
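Review bot: userDN is assembled by plain concatenation of principalDNPrefix, username and principalDNSuffix, and with this commit the same string also becomes the role-search match value when matchOnUserDN is set. A username containing DN metacharacters (`,`, `+`, `=`, `\`, quotes) is not escaped, so both the bound principal and the matched value can differ from what the configuration intends. The username should be escaped per RFC 2253 before concatenation, e.g. `javax.naming.ldap.Rdn.escapeValue(username)` on JDKs that provide it, or rejected if it contains such characters. The enclosing method starts and ends outside this hunk.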
@@ -192,7 +204,10 @@
if( roleAttrName == null )
roleAttrName = "roles";
BasicAttributes matchAttrs = new BasicAttributes(true);
- matchAttrs.put(uidAttrName, username);
+ if( matchOnUserDN == true )
+ matchAttrs.put(uidAttrName, userDN);
+ else
+ matchAttrs.put(uidAttrName, username);
String[] roleAttr =
{roleAttrName};
try
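Review bot: `if( matchOnUserDN == true )` compares a boolean to a literal; the four lines reduce to `matchAttrs.put(uidAttrName, matchOnUserDN ? userDN : username);`. Separately, the match value is the locally concatenated userDN string, so whether it matches depends on the attribute's matching rule in the directory; if the attribute has a plain string syntax rather than DN syntax, differences in spacing or case between the stored DN and the configured prefix/suffix would presumably yield no roles. A short comment would help, such as `// userDN must be spelled exactly as stored in uidAttrName unless the attribute uses DN matching`. The try block and the enclosing method continue outside this hunk.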