Re: svn commit: r1355615 - in /tomcat/trunk: java/org/apache/catalina/realm/JNDIRealm.java webapps/docs/config/realm.xml

2012-07-01 Thread Konstantin Kolinko
2012/6/30  fha...@apache.org:
 Author: fhanik
 Date: Sat Jun 30 01:04:59 2012
 New Revision: 1355615

 URL: http://svn.apache.org/viewvc?rev=1355615view=rev
 Log:
 With the increasing use of RFC 2307 (http://tools.ietf.org/html/rfc2307),
 there is a new way to search for roles using the memberUid, which can contain
 the value of another attribute within the user's directory entry.
 This may not be very specific to RFC 2307, but that is where I see this
 combination of role searches occur most often.

 Example: http://www.openldap.org/lists/openldap-technical/200904/msg00024.html




 Modified:
 tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
 tomcat/trunk/webapps/docs/config/realm.xml

 Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
 URL: 
 http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=1355615r1=1355614r2=1355615view=diff
 ==
 --- tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java (original)
 +++ tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java Sat Jun 30 
 01:04:59 2012
 @@ -126,8 +126,9 @@ import org.ietf.jgss.GSSCredential;
   * property./li
   * liThe coderoleSearch/code pattern optionally includes pattern
   * replacements {0} for the distinguished name, and/or {1} for
 - * the username, of the authenticated user for which roles will be
 - * retrieved./li
 + * the username, and/or {2} the value of the userRoleAttribute
 + * attribute from the users entry, of the authenticated user
 + * for which roles will be retrieved./li
   * liThe coderoleBase/code property can be set to the element that
   * is the base of the search for matching roles.  If not specified,
   * the entire context will be searched./li
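Review bot: The new Javadoc for the `{2}` replacement does not say that the value comes from the attribute named by the `userRoleAttribute` property, nor what `{2}` expands to when that property is left unset; from the hunks below the value is then null, and how a null argument renders in the role search pattern is not visible here, so that case should be documented or ruled out. The phrase "the users entry" should read "the user's entry". Suggested wording: ` * the username, and/or {2} for the value of the attribute named by the` / ` * <code>userRoleAttribute</code> property in the user's entry (only meaningful` / ` * when that property is set), of the authenticated user for which roles will be retrieved.</li>`.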
 @@ -292,6 +293,14 @@ public class JNDIRealm extends RealmBase
   */
  protected String userPassword = null;

 +/**
 + * The name of the attribute inside the users
 + * directory entry where the value will be
 + * taken to search for roles
 + * This attribute is not used during a nested search
 + */
 +protected String userRoleAttribute = null;
 +

  /**
   * A string of LDAP user patterns or paths, :-separated
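Review bot: The field Javadoc at `userRoleAttribute` is vague ("where the value will be taken to search for roles") and does not state the default or how the value is used; the class Javadoc in the first hunk ties it to the `{2}` replacement, so the field comment should say so explicitly. Suggested: `/** Name of the attribute in the user's directory entry whose value is substituted for {2} in <code>roleSearch</code>. Null (the default) disables the substitution; not used during a nested role search. */`. The extra blank line added after the field leaves two consecutive blank lines before the next Javadoc.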
 @@ -829,6 +838,14 @@ public class JNDIRealm extends RealmBase
  }


 +public String getUserRoleAttribute() {
 +return userRoleAttribute;
 +}
 +
 +public void setUserRoleAttribute(String userRoleAttribute) {
 +this.userRoleAttribute = userRoleAttribute;
 +}
 +
  /**
   * Return the message format pattern for selecting users in this Realm.
   */
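Review bot: The new public accessors `getUserRoleAttribute()` and `setUserRoleAttribute(String)` have no Javadoc, while the neighbouring accessors in this class do (the `Return the message format pattern ...` comment directly below). Suggested: `/** Return the name of the user attribute whose value is used as the {2} replacement in the role search. */` on the getter and `/** Set the name of the user attribute whose value is used as the {2} replacement in the role search. */` on the setter. The same accessors are re-quoted later in the thread; the comment applies there too.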
 @@ -839,6 +856,8 @@ public class JNDIRealm extends RealmBase
  }


 +
 +
  /**
   * Set the message format pattern for selecting users in this Realm.
   * This may be one simple pattern, or multiple patterns to be tried,
 @@ -1230,6 +1249,9 @@ public class JNDIRealm extends RealmBase
  list.add(userPassword);
  if (userRoleName != null)
  list.add(userRoleName);
 +if (userRoleAttribute != null) {
 +list.add(userRoleAttribute);
 +}
  String[] attrIds = new String[list.size()];
  list.toArray(attrIds);

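Review bot: The added `if (userRoleAttribute != null) { ... }` is braced while the two checks immediately above it (`userPassword`, `userRoleName`) are written without braces, so the three adjacent guards now read in two styles; pick one for the group. If the configured `userRoleAttribute` names the same attribute as `userRoleName` or `userPassword` it is requested twice in `attrIds`; that is presumably harmless for the directory lookup, but `if (userRoleAttribute != null && !list.contains(userRoleAttribute))` would keep the list free of duplicates. The enclosing method starts outside this hunk.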
 @@ -1265,7 +1287,7 @@ public class JNDIRealm extends RealmBase

  // If no attributes are requested, no need to look for them
  if (attrIds == null || attrIds.length == 0) {
 -return new User(username, dn, null, null);
 +return new User(username, dn, null, null,null);
  }

  // Get required attributes from user entry
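Review bot: `new User(username, dn, null, null,null)` is missing the space after the last comma, and with three adjacent nulls the call no longer says which argument is the role-attribute value; write it `new User(username, dn, null, null, null)` and consider a short comment such as `// no password, roles or userRoleAttribute value requested`. The enclosing method starts outside this hunk.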
 @@ -1283,12 +1305,17 @@ public class JNDIRealm extends RealmBase
  if (userPassword != null)
  password = getAttributeValue(userPassword, attrs);

 +String userRoleAttrValue = null;
 +if (userRoleAttribute != null) {
 +userRoleAttrValue = getAttributeValue(userRoleAttribute, attrs);
 +}
 +
  // Retrieve values of userRoleName attribute
  ArrayListString roles = null;
  if (userRoleName != null)
  roles = addAttributeValues(userRoleName, attrs, roles);

 -return new User(username, dn, password, roles);
 +return new User(username, dn, password, roles, userRoleAttrValue);
  }


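Review bot: `userRoleAttrValue` is read from the directory entry verbatim via `getAttributeValue` and, per the class Javadoc in the first hunk, becomes the `{2}` replacement in the `roleSearch` filter; the substitution site is outside these hunks, so it should be confirmed that the value receives the same LDAP filter escaping as the distinguished name, otherwise an attribute value containing filter metacharacters would change the meaning of the role query. When `userRoleAttribute` is unset the value stays null, and what a null argument renders as in the formatted pattern is likewise not visible here. The same four lines are repeated in the following hunk (`@@ -1427`), so a small private helper that takes `attrs` and returns the value (or null) would remove the duplicate. The enclosing method starts outside this hunk.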
 @@ -1427,12 +1454,17 @@ public class JNDIRealm extends RealmBase
  if (userPassword != null)
  password = getAttributeValue(userPassword, attrs);

 +String userRoleAttrValue = null;
 +if (userRoleAttribute != null) {
 +userRoleAttrValue = getAttributeValue(userRoleAttribute, attrs);
 +}
 +
  // Retrieve values of userRoleName attribute
  ArrayListString roles = null;
  if (userRoleName != null)
  roles = addAttributeValues(userRoleName, attrs, roles);

 -return new User(username, 

RE: svn commit: r1355615 - in /tomcat/trunk: java/org/apache/catalina/realm/JNDIRealm.java webapps/docs/config/realm.xml

2012-07-01 Thread Filip Hanik (mailing lists)
Thanks for the review and fix

 -Original Message-
 From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
 Sent: Sunday, July 01, 2012 6:06 AM
 To: Tomcat Developers List
 Subject: Re: svn commit: r1355615 - in /tomcat/trunk:
 java/org/apache/catalina/realm/JNDIRealm.java
 webapps/docs/config/realm.xml
 
 2012/6/30  fha...@apache.org:
  Author: fhanik
  Date: Sat Jun 30 01:04:59 2012
  New Revision: 1355615
 
  URL: http://svn.apache.org/viewvc?rev=1355615view=rev
  Log:
  With more and more use of RFC 2307 http://tools.ietf.org/html/rfc2307
  There is a new way to search for roles using the memberUid that can
 contain the value of another attribute within the users directory entry.
  This may not be very specific to 2307, but that is where I see this
 combination of role searches occur the most.
 
  Example: http://www.openldap.org/lists/openldap-
 technical/200904/msg00024.html
 
 
 
 
  Modified:
  tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
  tomcat/trunk/webapps/docs/config/realm.xml
 
  Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
  URL:
 http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm
 /JNDIRealm.java?rev=1355615r1=1355614r2=1355615view=diff
 
 
 ==
  --- tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
 (original)
  +++ tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java Sat Jun
 30 01:04:59 2012
  @@ -126,8 +126,9 @@ import org.ietf.jgss.GSSCredential;
* property./li
* liThe coderoleSearch/code pattern optionally includes
 pattern
* replacements {0} for the distinguished name, and/or
 {1} for
  - * the username, of the authenticated user for which roles
 will be
  - * retrieved./li
  + * the username, and/or {2} the value of the
 userRoleAttribute
  + * attribute from the users entry, of the authenticated user
  + * for which roles will be retrieved./li
* liThe coderoleBase/code property can be set to the
 element that
* is the base of the search for matching roles.  If not
 specified,
* the entire context will be searched./li
  @@ -292,6 +293,14 @@ public class JNDIRealm extends RealmBase
*/
   protected String userPassword = null;
 
  +/**
  + * The name of the attribute inside the users
  + * directory entry where the value will be
  + * taken to search for roles
  + * This attribute is not used during a nested search
  + */
  +protected String userRoleAttribute = null;
  +
 
   /**
* A string of LDAP user patterns or paths, :-separated
  @@ -829,6 +838,14 @@ public class JNDIRealm extends RealmBase
   }
 
 
  +public String getUserRoleAttribute() {
  +return userRoleAttribute;
  +}
  +
  +public void setUserRoleAttribute(String userRoleAttribute) {
  +this.userRoleAttribute = userRoleAttribute;
  +}
  +
   /**
* Return the message format pattern for selecting users in this
 Realm.
*/
  @@ -839,6 +856,8 @@ public class JNDIRealm extends RealmBase
   }
 
 
  +
  +
   /**
* Set the message format pattern for selecting users in this
 Realm.
* This may be one simple pattern, or multiple patterns to be
 tried,
  @@ -1230,6 +1249,9 @@ public class JNDIRealm extends RealmBase
   list.add(userPassword);
   if (userRoleName != null)
   list.add(userRoleName);
  +if (userRoleAttribute != null) {
  +list.add(userRoleAttribute);
  +}
   String[] attrIds = new String[list.size()];
   list.toArray(attrIds);
 
  @@ -1265,7 +1287,7 @@ public class JNDIRealm extends RealmBase
 
   // If no attributes are requested, no need to look for them
   if (attrIds == null || attrIds.length == 0) {
  -return new User(username, dn, null, null);
  +return new User(username, dn, null, null,null);
   }
 
   // Get required attributes from user entry
  @@ -1283,12 +1305,17 @@ public class JNDIRealm extends RealmBase
   if (userPassword != null)
   password = getAttributeValue(userPassword, attrs);
 
  +String userRoleAttrValue = null;
  +if (userRoleAttribute != null) {
  +userRoleAttrValue = getAttributeValue(userRoleAttribute,
 attrs);
  +}
  +
   // Retrieve values of userRoleName attribute
   ArrayListString roles = null;
   if (userRoleName != null)
   roles = addAttributeValues(userRoleName, attrs, roles);
 
  -return new User(username, dn, password, roles);
  +return new User(username, dn, password, roles,
 userRoleAttrValue);
   }
 
 
  @@ -1427,12 +1454,17 @@ public class JNDIRealm extends RealmBase
   if (userPassword != null)
   password