karaf git commit: [KARAF-4871] LDAPLoginModule allows non defined role filter. Thanks to Colm O hEigeartaigh.

2016-12-01 Thread jbonofre
Repository: karaf
Updated Branches:
  refs/heads/karaf-4.0.x 48b067cde -> 69b067608


[KARAF-4871] LDAPLoginModule allows non defined role filter. Thanks to Colm O 
hEigeartaigh.


Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/69b06760
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/69b06760
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/69b06760

Branch: refs/heads/karaf-4.0.x
Commit: 69b06760856948e23b9cba7589de99c41ae6f85b
Parents: 48b067c
Author: Jean-Baptiste Onofré 
Authored: Thu Dec 1 15:44:06 2016 +0100
Committer: Jean-Baptiste Onofré 
Committed: Thu Dec 1 15:46:30 2016 +0100

--
 .../karaf/jaas/modules/ldap/LDAPCache.java  | 87 +++-
 1 file changed, 47 insertions(+), 40 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/karaf/blob/69b06760/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
--
diff --git 
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java 
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
index 203eb66..f80af8c 100644
--- 
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
+++ 
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
@@ -124,11 +124,13 @@ public class LDAPCache implements Closeable, 
NamespaceChangeListener, ObjectChan
 eventContext.addNamingListener(options.getUserBaseDn(), filter, 
constraints, this);
 
 filter = options.getRoleFilter();
-filter = filter.replaceAll(Pattern.quote("%u"), 
Matcher.quoteReplacement("*"));
-filter = filter.replaceAll(Pattern.quote("%dn"), 
Matcher.quoteReplacement("*"));
-filter = filter.replaceAll(Pattern.quote("%fqdn"), 
Matcher.quoteReplacement("*"));
-filter = filter.replace("\\", "");
-eventContext.addNamingListener(options.getRoleBaseDn(), filter, 
constraints, this);
+if (filter != null) {
+filter = filter.replaceAll(Pattern.quote("%u"), 
Matcher.quoteReplacement("*"));
+filter = filter.replaceAll(Pattern.quote("%dn"), 
Matcher.quoteReplacement("*"));
+filter = filter.replaceAll(Pattern.quote("%fqdn"), 
Matcher.quoteReplacement("*"));
+filter = filter.replace("\\", "");
+eventContext.addNamingListener(options.getRoleBaseDn(), 
filter, constraints, this);
+}
 }
 
 return context;
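Review bot: The new guard `if (filter != null) {` covers only an undefined role filter; an empty or blank value would still run the substitutions and reach `eventContext.addNamingListener(...)`, so consider `if (filter != null && !filter.trim().isEmpty()) {` (what `getRoleFilter()` returns for a blank setting is not visible here). The same null-only guard appears in the `@@ -238,50 +240,55 @@` hunk and in the identical hunks of the master commit 7eea1ff7 further down the page. Separately, the guarded lines keep `filter = filter.replace("\\", "");`, which strips backslash escapes from the filter. In the -238 hunk `user`, `userDn` and `userDnNamespace` go through `Matcher.quoteReplacement` only, which protects the regex replacement but is not LDAP filter escaping (RFC 4515), so those values should be escaped before they are placed in the search filter, and the escaping must survive the backslash stripping. The enclosing method starts before this hunk, so where `filter` and `eventContext` come from is not shown.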
@@ -238,50 +240,55 @@ public class LDAPCache implements Closeable, 
NamespaceChangeListener, ObjectChan
 }
 
 String filter = options.getRoleFilter();
-filter = filter.replaceAll(Pattern.quote("%u"), 
Matcher.quoteReplacement(user));
-filter = filter.replaceAll(Pattern.quote("%dn"), 
Matcher.quoteReplacement(userDn));
-filter = filter.replaceAll(Pattern.quote("%fqdn"), 
Matcher.quoteReplacement(userDnNamespace));
-filter = filter.replace("\\", "");
+if (filter != null) {
+filter = filter.replaceAll(Pattern.quote("%u"), 
Matcher.quoteReplacement(user));
+filter = filter.replaceAll(Pattern.quote("%dn"), 
Matcher.quoteReplacement(userDn));
+filter = filter.replaceAll(Pattern.quote("%fqdn"), 
Matcher.quoteReplacement(userDnNamespace));
+filter = filter.replace("\\", "");
 
-LOGGER.debug("Looking for the user roles in LDAP with ");
-LOGGER.debug("  base DN: " + options.getRoleBaseDn());
-LOGGER.debug("  filter: " + filter);
+LOGGER.debug("Looking for the user roles in LDAP with ");
+LOGGER.debug("  base DN: " + options.getRoleBaseDn());
+LOGGER.debug("  filter: " + filter);
 
-NamingEnumeration namingEnumeration = 
context.search(options.getRoleBaseDn(), filter, controls);
-try {
-List rolesList = new ArrayList<>();
-while (namingEnumeration.hasMore()) {
-SearchResult result = (SearchResult) namingEnumeration.next();
-Attributes attributes = result.getAttributes();
-Attribute roles1 = 
attributes.get(options.getRoleNameAttribute());
-if (roles1 != null) {
-for (int i = 0; i < roles1.size(); i++) {
-String role = (String) roles1.get(i);
-if (role != null) {
-LOGGER.debug("User {} is a member of role {}", 
user, role);
-// handle role mapping
-Set roleMappings = tryMappingRole(role);
-if (roleMappings.isEmpty()) {
-  

karaf git commit: [KARAF-4871] LDAPLoginModule allows non defined role filter. Thanks to Colm O hEigeartaigh.

2016-12-01 Thread jbonofre
Repository: karaf
Updated Branches:
  refs/heads/master f08248feb -> 7eea1ff73


[KARAF-4871] LDAPLoginModule allows non defined role filter. Thanks to Colm O 
hEigeartaigh.


Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/7eea1ff7
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/7eea1ff7
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/7eea1ff7

Branch: refs/heads/master
Commit: 7eea1ff73ca667db6505c38d2dcf29c9048dcaec
Parents: f08248f
Author: Jean-Baptiste Onofré 
Authored: Thu Dec 1 15:44:06 2016 +0100
Committer: Jean-Baptiste Onofré 
Committed: Thu Dec 1 15:44:06 2016 +0100

--
 .../karaf/jaas/modules/ldap/LDAPCache.java  | 87 +++-
 1 file changed, 47 insertions(+), 40 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/karaf/blob/7eea1ff7/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
--
diff --git 
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java 
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
index 203eb66..f80af8c 100644
--- 
a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
+++ 
b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPCache.java
@@ -124,11 +124,13 @@ public class LDAPCache implements Closeable, 
NamespaceChangeListener, ObjectChan
 eventContext.addNamingListener(options.getUserBaseDn(), filter, 
constraints, this);
 
 filter = options.getRoleFilter();
-filter = filter.replaceAll(Pattern.quote("%u"), 
Matcher.quoteReplacement("*"));
-filter = filter.replaceAll(Pattern.quote("%dn"), 
Matcher.quoteReplacement("*"));
-filter = filter.replaceAll(Pattern.quote("%fqdn"), 
Matcher.quoteReplacement("*"));
-filter = filter.replace("\\", "");
-eventContext.addNamingListener(options.getRoleBaseDn(), filter, 
constraints, this);
+if (filter != null) {
+filter = filter.replaceAll(Pattern.quote("%u"), 
Matcher.quoteReplacement("*"));
+filter = filter.replaceAll(Pattern.quote("%dn"), 
Matcher.quoteReplacement("*"));
+filter = filter.replaceAll(Pattern.quote("%fqdn"), 
Matcher.quoteReplacement("*"));
+filter = filter.replace("\\", "");
+eventContext.addNamingListener(options.getRoleBaseDn(), 
filter, constraints, this);
+}
 }
 
 return context;
@@ -238,50 +240,55 @@ public class LDAPCache implements Closeable, 
NamespaceChangeListener, ObjectChan
 }
 
 String filter = options.getRoleFilter();
-filter = filter.replaceAll(Pattern.quote("%u"), 
Matcher.quoteReplacement(user));
-filter = filter.replaceAll(Pattern.quote("%dn"), 
Matcher.quoteReplacement(userDn));
-filter = filter.replaceAll(Pattern.quote("%fqdn"), 
Matcher.quoteReplacement(userDnNamespace));
-filter = filter.replace("\\", "");
+if (filter != null) {
+filter = filter.replaceAll(Pattern.quote("%u"), 
Matcher.quoteReplacement(user));
+filter = filter.replaceAll(Pattern.quote("%dn"), 
Matcher.quoteReplacement(userDn));
+filter = filter.replaceAll(Pattern.quote("%fqdn"), 
Matcher.quoteReplacement(userDnNamespace));
+filter = filter.replace("\\", "");
 
-LOGGER.debug("Looking for the user roles in LDAP with ");
-LOGGER.debug("  base DN: " + options.getRoleBaseDn());
-LOGGER.debug("  filter: " + filter);
+LOGGER.debug("Looking for the user roles in LDAP with ");
+LOGGER.debug("  base DN: " + options.getRoleBaseDn());
+LOGGER.debug("  filter: " + filter);
 
-NamingEnumeration namingEnumeration = 
context.search(options.getRoleBaseDn(), filter, controls);
-try {
-List rolesList = new ArrayList<>();
-while (namingEnumeration.hasMore()) {
-SearchResult result = (SearchResult) namingEnumeration.next();
-Attributes attributes = result.getAttributes();
-Attribute roles1 = 
attributes.get(options.getRoleNameAttribute());
-if (roles1 != null) {
-for (int i = 0; i < roles1.size(); i++) {
-String role = (String) roles1.get(i);
-if (role != null) {
-LOGGER.debug("User {} is a member of role {}", 
user, role);
-// handle role mapping
-Set roleMappings = tryMappingRole(role);
-if (roleMappings.isEmpty()) {
-