User: starksm
Date: 01/09/25 23:35:58
Modified: src/main/org/jboss/security/auth/spi Tag: Branch_2_4
LdapLoginModule.java
Log:
matchOnUserDN : A flag indicating whether the search for user roles should match
on the user's full distinguished name. If false, just the username is used
as the match value. If true, the userDN is used as the match value.
Revision Changes Path
No revision
No revision
1.1.4.3 +18 -3
jbosssx/src/main/org/jboss/security/auth/spi/LdapLoginModule.java
Index: LdapLoginModule.java
===================================================================
RCS file:
/cvsroot/jboss/jbosssx/src/main/org/jboss/security/auth/spi/LdapLoginModule.java,v
retrieving revision 1.1.4.2
retrieving revision 1.1.4.3
diff -u -r1.1.4.2 -r1.1.4.3
--- LdapLoginModule.java 2001/08/03 20:31:18 1.1.4.2
+++ LdapLoginModule.java 2001/09/26 06:35:55 1.1.4.3
@@ -68,7 +68,10 @@
uidAttributeName : The name of the attribute that in the object containing
the user roles that corresponds to the userid. This is used to locate the
user roles.
-
+matchOnUserDN : A flag indicating if the search for user roles should match
+ on the user's fully distinguished name. If false just the username is used
+ as the match value. If true, the userDN is used as the match value.
+
A sample login config:
testLdap {
org.jboss.security.plugins.samples.LdapLoginModule required
@@ -83,7 +86,7 @@
};
@author [EMAIL PROTECTED]
- @version $Revision: 1.1.4.2 $
+ @version $Revision: 1.1.4.3 $
*/
public class LdapLoginModule extends UsernamePasswordLoginModule
{
@@ -93,6 +96,7 @@
private static final String ROLES_CTX_DN_OPT = "rolesCtxDN";
private static final String UID_ATTRIBUTE_ID_OPT = "uidAttributeID";
private static final String ROLE_ATTRIBUTE_ID_OPT = "roleAttributeID";
+ private static final String MATCH_ON_USER_DN_OPT = "matchOnUserDN";
public LdapLoginModule()
{
@@ -122,6 +126,12 @@
return roleSets;
}
+ /** Validate the inputPassword by creating a ldap InitialContext with the
+ SECURITY_CREDENTIALS set to the password.
+
+ @param inputPassword the password to validate.
+ @param expectedPassword ignored
+ */
protected boolean validatePassword(String inputPassword, String expectedPassword)
{
boolean isValid = false;
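Review bot: The new Javadoc on validatePassword does not say what happens when inputPassword is null or empty, which is the case a reader of a bind-based check most needs documented. Many LDAP servers treat a simple bind with an empty password as an anonymous bind and report success, so unless the body rejects empty passwords before creating the InitialContext, any username could validate; the body starts here and continues outside the hunk, so I cannot tell whether it does. Once that is confirmed or enforced, I would add a sentence such as `An empty or null inputPassword is rejected without contacting the server.` and a tag like `@return true if the bind with inputPassword succeeds, false otherwise`.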
@@ -174,6 +184,8 @@
String principalDNSuffix = (String) options.get(PRINCIPAL_DN_SUFFIX_OPT);
if( principalDNSuffix == null )
principalDNSuffix="";
+ String matchType = (String) options.get(MATCH_ON_USER_DN_OPT);
+ boolean matchOnUserDN = Boolean.valueOf(matchType).booleanValue();
String userDN = principalDNPrefix + username + principalDNSuffix;
env.setProperty(Context.PROVIDER_URL, providerURL);
env.setProperty(Context.SECURITY_PRINCIPAL, userDN);
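Review bot: `userDN` is built by plain concatenation, `principalDNPrefix + username + principalDNSuffix`, and with this change the same string also becomes the role-search match value in the later hunk (`matchAttrs.put(uidAttrName, userDN)`). A username containing DN special characters such as `,`, `+` or `=` would change the structure of the DN used for both the bind principal and the role lookup, so the username should be escaped as an RDN value (on newer JDKs, `javax.naming.ldap.Rdn.escapeValue(username)`) or rejected when it contains them. Separately, `Boolean.valueOf(matchType)` maps anything other than "true" to false, so a mistyped option value silently selects username matching; logging the parsed value at debug level would make that visible. The enclosing method starts and ends outside the hunk.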
@@ -192,7 +204,10 @@
if( roleAttrName == null )
roleAttrName = "roles";
BasicAttributes matchAttrs = new BasicAttributes(true);
- matchAttrs.put(uidAttrName, username);
+ if( matchOnUserDN == true )
+ matchAttrs.put(uidAttrName, userDN);
+ else
+ matchAttrs.put(uidAttrName, username);
String[] roleAttr =
{roleAttrName};
try
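Review bot: The comparison in `if( matchOnUserDN == true )` is redundant, and the unbraced if/else duplicates the `put` call; `matchAttrs.put(uidAttrName, matchOnUserDN ? userDN : username);` says the same in one line. A short comment would also help whoever configures the module, for example `// when matchOnUserDN is set, the role entry's uidAttrName value must hold the DN exactly as principalDNPrefix + username + principalDNSuffix`, since a differently formatted DN would presumably match no roles. The try block that follows continues outside the hunk.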