Attached is a new version of the JNDIRealm class.

I have added the ability for it to recurse through roles. We have users in roles and those roles in other roles. I have added the following:

 

  1. a new attribute to the Realm XML section of server.xml called rolePattern.

     <Realm className="org.apache.catalina.realm.AcxiomJNDIRealm"
            debug="3"
            connectionURL="ldap://10.85.42.223:389"
            connectionName="cn=Manager,dc=acxiom,dc=com"
            connectionPassword="secret"
            userPattern="cn={0},ou=people,dc=acxiom,dc=com"
            roleBase="ou=groups, dc=acxiom, dc=com"
            roleName="CN"
            roleSearch="(member={0})"
            roleSubtree="true"
            digest="SHA"
            rolePattern="member=cn={0},ou=groups, dc=acxiom, dc=com"/>

  2. getters and setters for rolePattern
  3. new private called rolePatternFormat
  4. new method called getImbeddedGroups
     This is called at the end of getRoles

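    // Uses java.util.ArrayList, java.util.Iterator, javax.naming.NamingEnumeration,
    // javax.naming.NamingException and javax.naming.directory.{Attributes,
    // DirContext, SearchControls, SearchResult}.
    //
    // Returns currentList plus every role that contains one of its roles,
    // following one level of nesting per recursive call.
    private ArrayList getImbeddedGroups(DirContext context, ArrayList currentList, int level) throws NamingException {
        ArrayList               listOut     = new ArrayList();
        String                  filter      = null;
        SearchControls          controls    = null;
        NamingEnumeration       results     = null;
        SearchResult            result      = null;
        Attributes              attrs       = null;
        String                  currentRole = null;

        // Nested lookup is only enabled when rolePattern is configured
        if (rolePattern == null) {
            return currentList;
        }

        // Depth limit: stops the recursion after 15 levels of nesting
        if (level > 15) {
            return currentList;
        }

        if (currentList == null) {
            return listOut;
        }

        // No roles at this level, so there is nothing further to look up
        if (currentList.size() == 0) {
            return currentList;
        }

        Iterator it = currentList.iterator();

        while (it.hasNext()) {
            currentRole = (String) it.next();

            // Substitute the role name for {0} in rolePattern
            filter = rolePatternFormat.format(new String[] { currentRole });

            controls = new SearchControls();
            if (roleSubtree) {
                controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            }
            else {
                controls.setSearchScope(SearchControls.ONELEVEL_SCOPE);
            }

            controls.setReturningAttributes(new String[] {roleName});

            // Perform the configured search and process the results
            if (debug >= 3) {
                log("  Searching role base '" + roleBase + "' for attribute '" +
                    roleName + "'");
                log("  With filter expression '" + filter + "'");
            }

            results = context.search(roleBase, filter, controls);
            if (results == null)
                return (currentList);  // Should never happen, but just in case ...

            // Collect the name of every role that has currentRole as a member
            while (results.hasMore()) {
                result = (SearchResult) results.next();
                attrs = result.getAttributes();
                if (attrs == null) {
                    continue;
                }
                listOut = addAttributeValues(roleName, attrs, listOut);
            }
        }

        // Look up the roles that contain the roles found at this level
        listOut = getImbeddedGroups(context, listOut, level + 1);

        // Return the roles passed in together with everything found above them
        listOut.addAll(currentList);

        return (listOut);
    }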

 

 

Scott Jones

Acxiom Corporation

[EMAIL PROTECTED]
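
An added example, not part of the original post or of Tomcat's JNDIRealm: the nested-role expansion described above, written with a visited set so that a membership cycle ends without relying on a depth limit and no role is returned twice, and with the role name escaped before it is placed in the search filter. The in-memory directory, the `lookup` function and the `dc=example,dc=com` base are constructed stand-ins for the LDAP search.

```java
import java.util.*;
import java.util.function.Function;

public class NestedRoleExpansion {

    // RFC 4515 escaping for a value substituted into an LDAP search filter.
    // (Escaping for the DN syntax itself, RFC 4514, is a separate step.)
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Breadth-first expansion. Each role is looked up at most once, so a
    // cycle (A in B, B in A) terminates and the result has no duplicates.
    static Set<String> expand(Collection<String> direct,
                              Function<String, List<String>> parentsOf) {
        Set<String> seen = new LinkedHashSet<>(direct);
        Deque<String> queue = new ArrayDeque<>(seen);
        while (!queue.isEmpty()) {
            String role = queue.remove();
            for (String parent : parentsOf.apply(role)) {
                if (seen.add(parent)) {   // true only the first time
                    queue.add(parent);
                }
            }
        }
        return seen;
    }

    public static void main(String[] args) {
        // Constructed directory: role -> roles that list it as a member.
        Map<String, List<String>> dir = new HashMap<>();
        dir.put("developers", List.of("engineering"));
        dir.put("engineering", List.of("staff", "developers")); // cycle
        dir.put("staff", List.of());
        // Hypothetical stand-in for context.search(roleBase, filter, controls)
        Function<String, List<String>> lookup = r -> {
            System.out.println("search (member=cn=" + escapeFilterValue(r)
                    + ",ou=groups,dc=example,dc=com)");
            return dir.getOrDefault(r, List.of());
        };
        System.out.println(expand(List.of("developers"), lookup));
    }
}
```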


