karaf git commit: [KARAF-4871] LDAPLoginModule allows non defined role filter. Thanks to Colm O hEigeartaigh.
Repository: karaf Updated Branches: refs/heads/karaf-4.0.x 48b067cde -> 69b067608 [KARAF-4871] LDAPLoginModule allows non defined role filter. Thanks to Colm O hEigeartaigh. Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/69b06760 Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/69b06760 Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/69b06760 Branch: refs/heads/karaf-4.0.x Commit: 69b06760856948e23b9cba7589de99c41ae6f85b Parents: 48b067c Author: Jean-Baptiste OnofréAuthored: Thu Dec 1 15:44:06 2016 +0100 Committer: Jean-Baptiste Onofré Committed: Thu Dec 1 15:46:30 2016 +0100 -- .../karaf/jaas/modules/ldap/LDAPCache.java | 87 +++- 1 file changed, 47 insertions(+), 40 deletions(-) -- http://git-wip-us.apache.org/repos/asf/karaf/blob/69b06760/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java --
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
index 203eb66..f80af8c 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
@@ -124,11 +124,13 @@ public class LDAPCache implements Closeable, NamespaceChangeListener, ObjectChan
 eventContext.addNamingListener(options.getUserBaseDn(), filter, constraints, this);
 filter = options.getRoleFilter();
-filter = filter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement("*"));
-filter = filter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement("*"));
-filter = filter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement("*"));
-filter = filter.replace("\\", "");
-eventContext.addNamingListener(options.getRoleBaseDn(), filter, constraints, this);
+if (filter != null) {
+filter = filter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement("*"));
+filter = filter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement("*"));
+filter = filter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement("*"));
+filter = filter.replace("\\", "");
+eventContext.addNamingListener(options.getRoleBaseDn(), filter, constraints, this);
+}
 }
 return context;
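Review bot: The re-added `filter = filter.replace("\\", "");` inside the new `if (filter != null)` block strips every backslash from the role filter, which also removes RFC 4515 escapes such as `\2a` or `\28` that an administrator may have written in the configured role filter, so the filter registered with `addNamingListener` can differ from the one intended. The same sequence appears in the second hunk (`@@ -238,50 +240,55 @@`) and in the identical commit to master further down the page; there it runs after `%u`, `%dn` and `%fqdn` have been replaced with `user`, `userDn` and `userDnNamespace`, so if those values are not escaped before this point (not visible here) filter metacharacters in a login name reach the role search unescaped, and any escaping applied earlier would be undone by the backslash removal. I would escape the substituted values per RFC 4515 after the backslash handling rather than before it, and treat an empty filter like a missing one, e.g. `if (filter != null && !filter.isEmpty()) {`. The enclosing method starts outside the hunk.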
@@ -238,50 +240,55 @@ public class LDAPCache implements Closeable, NamespaceChangeListener, ObjectChan
 }
 String filter = options.getRoleFilter();
-filter = filter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement(user));
-filter = filter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement(userDn));
-filter = filter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement(userDnNamespace));
-filter = filter.replace("\\", "");
+if (filter != null) {
+filter = filter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement(user));
+filter = filter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement(userDn));
+filter = filter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement(userDnNamespace));
+filter = filter.replace("\\", "");
-LOGGER.debug("Looking for the user roles in LDAP with ");
-LOGGER.debug(" base DN: " + options.getRoleBaseDn());
-LOGGER.debug(" filter: " + filter);
+LOGGER.debug("Looking for the user roles in LDAP with ");
+LOGGER.debug(" base DN: " + options.getRoleBaseDn());
+LOGGER.debug(" filter: " + filter);
-NamingEnumeration namingEnumeration = context.search(options.getRoleBaseDn(), filter, controls);
-try {
-List rolesList = new ArrayList<>();
-while (namingEnumeration.hasMore()) {
-SearchResult result = (SearchResult) namingEnumeration.next();
-Attributes attributes = result.getAttributes();
-Attribute roles1 = attributes.get(options.getRoleNameAttribute());
-if (roles1 != null) {
-for (int i = 0; i < roles1.size(); i++) {
-String role = (String) roles1.get(i);
-if (role != null) {
-LOGGER.debug("User {} is a member of role {}", user, role);
-// handle role mapping
-Set roleMappings = tryMappingRole(role);
-if (roleMappings.isEmpty()) {
-
karaf git commit: [KARAF-4871] LDAPLoginModule allows non defined role filter. Thanks to Colm O hEigeartaigh.
Repository: karaf Updated Branches: refs/heads/master f08248feb -> 7eea1ff73 [KARAF-4871] LDAPLoginModule allows non defined role filter. Thanks to Colm O hEigeartaigh. Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/7eea1ff7 Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/7eea1ff7 Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/7eea1ff7 Branch: refs/heads/master Commit: 7eea1ff73ca667db6505c38d2dcf29c9048dcaec Parents: f08248f Author: Jean-Baptiste OnofréAuthored: Thu Dec 1 15:44:06 2016 +0100 Committer: Jean-Baptiste Onofré Committed: Thu Dec 1 15:44:06 2016 +0100 -- .../karaf/jaas/modules/ldap/LDAPCache.java | 87 +++- 1 file changed, 47 insertions(+), 40 deletions(-) -- http://git-wip-us.apache.org/repos/asf/karaf/blob/7eea1ff7/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java --
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
index 203eb66..f80af8c 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
@@ -124,11 +124,13 @@ public class LDAPCache implements Closeable, NamespaceChangeListener, ObjectChan
 eventContext.addNamingListener(options.getUserBaseDn(), filter, constraints, this);
 filter = options.getRoleFilter();
-filter = filter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement("*"));
-filter = filter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement("*"));
-filter = filter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement("*"));
-filter = filter.replace("\\", "");
-eventContext.addNamingListener(options.getRoleBaseDn(), filter, constraints, this);
+if (filter != null) {
+filter = filter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement("*"));
+filter = filter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement("*"));
+filter = filter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement("*"));
+filter = filter.replace("\\", "");
+eventContext.addNamingListener(options.getRoleBaseDn(), filter, constraints, this);
+}
 }
 return context;
@@ -238,50 +240,55 @@ public class LDAPCache implements Closeable, NamespaceChangeListener, ObjectChan
 }
 String filter = options.getRoleFilter();
-filter = filter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement(user));
-filter = filter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement(userDn));
-filter = filter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement(userDnNamespace));
-filter = filter.replace("\\", "");
+if (filter != null) {
+filter = filter.replaceAll(Pattern.quote("%u"), Matcher.quoteReplacement(user));
+filter = filter.replaceAll(Pattern.quote("%dn"), Matcher.quoteReplacement(userDn));
+filter = filter.replaceAll(Pattern.quote("%fqdn"), Matcher.quoteReplacement(userDnNamespace));
+filter = filter.replace("\\", "");
-LOGGER.debug("Looking for the user roles in LDAP with ");
-LOGGER.debug(" base DN: " + options.getRoleBaseDn());
-LOGGER.debug(" filter: " + filter);
+LOGGER.debug("Looking for the user roles in LDAP with ");
+LOGGER.debug(" base DN: " + options.getRoleBaseDn());
+LOGGER.debug(" filter: " + filter);
-NamingEnumeration namingEnumeration = context.search(options.getRoleBaseDn(), filter, controls);
-try {
-List rolesList = new ArrayList<>();
-while (namingEnumeration.hasMore()) {
-SearchResult result = (SearchResult) namingEnumeration.next();
-Attributes attributes = result.getAttributes();
-Attribute roles1 = attributes.get(options.getRoleNameAttribute());
-if (roles1 != null) {
-for (int i = 0; i < roles1.size(); i++) {
-String role = (String) roles1.get(i);
-if (role != null) {
-LOGGER.debug("User {} is a member of role {}", user, role);
-// handle role mapping
-Set roleMappings = tryMappingRole(role);
-if (roleMappings.isEmpty()) {
-