[Jboss-cvs] JBossAS SVN: r56800 - branches/JBoss_4_0_3_SP1_JBAS-3650/security/src/main/org/jboss/security/auth/spi
jboss-cvs-commits at lists.jboss.org
Wed Sep 13 12:06:58 EDT 2006
Author: scott.stark at jboss.org
Date: 2006-09-13 12:06:55 -0400 (Wed, 13 Sep 2006)
New Revision: 56800
Modified:
branches/JBoss_4_0_3_SP1_JBAS-3650/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java
Log:
JBAS-3650, close all NamingEnumeration results as these delay the close of the context connection.
Modified: branches/JBoss_4_0_3_SP1_JBAS-3650/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java
===================================================================
--- branches/JBoss_4_0_3_SP1_JBAS-3650/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java 2006-09-13 16:03:26 UTC (rev 56799)
+++ branches/JBoss_4_0_3_SP1_JBAS-3650/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java 2006-09-13 16:06:55 UTC (rev 56800)
@@ -1,10 +1,24 @@
/*
- * JBoss, Home of Professional Open Source
- *
- * Distributable under LGPL license.
- * See terms of license at gnu.org.
- */
-
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
package org.jboss.security.auth.spi;
import java.security.Principal;
@@ -314,17 +328,25 @@
searchScope = SearchControls.SUBTREE_SCOPE;
// Get the admin context for searching
- InitialLdapContext ctx = constructInitialLdapContext(bindDN, bindCredential);
- // Validate the user by binding against the userDN
- String userDN = bindDNAuthentication(ctx, username, credential, baseDN, baseFilter);
+ InitialLdapContext ctx = null;
+ try
+ {
+ ctx = constructInitialLdapContext(bindDN, bindCredential);
+ // Validate the user by binding against the userDN
+ String userDN = bindDNAuthentication(ctx, username, credential, baseDN, baseFilter);
- // Query for roles matching the role filter
- SearchControls constraints = new SearchControls();
- constraints.setSearchScope(searchScope);
- constraints.setReturningAttributes(new String[0]);
- constraints.setTimeLimit(searchTimeLimit);
- rolesSearch(ctx, constraints, username, userDN, recursion, 0);
- ctx.close();
+ // Query for roles matching the role filter
+ SearchControls constraints = new SearchControls();
+ constraints.setSearchScope(searchScope);
+ constraints.setReturningAttributes(new String[0]);
+ constraints.setTimeLimit(searchTimeLimit);
+ rolesSearch(ctx, constraints, username, userDN, recursion, 0);
+ }
+ finally
+ {
+ if( ctx != null )
+ ctx.close();
+ }
return true;
}
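Review bot: `ctx.close()` in the new finally block can itself throw NamingException, and when the try body has already failed (a rejected bind in bindDNAuthentication or a search error in rolesSearch) that second exception replaces the original, so the caller sees a connection-teardown error instead of the authentication failure. Wrapping the close, `try { ctx.close(); } catch (NamingException e) { log.trace("Failed to close admin context", e); }`, preserves the first exception. The same masking applies to the `results.close()` added in the rolesSearch finally block in the hunk at `@@ -387,57 +411,65 @@`. The enclosing method's signature and its first statements are outside this hunk.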
@@ -353,6 +375,7 @@
results = ctx.search(baseDN, filter, filterArgs, constraints);
if (results.hasMore() == false)
{
+ results.close();
throw new NamingException("Search of baseDN(" + baseDN + ") found no matches");
}
@@ -364,6 +387,7 @@
else
throw new NamingException("Can't follow referal for authentication: " + name);
+ results.close();
results = null;
// Bind as the user dn to authenticate the user
InitialLdapContext userCtx = constructInitialLdapContext(userDN, credential);
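Review bot: The referral branch at `throw new NamingException("Can't follow referal for authentication: " + name);` still exits before the `results.close()` added on the next line, so that path leaks the enumeration this commit sets out to close, as does any exception thrown by `results.next()` or the name handling between the two hunks. Enclosing the search-and-bind sequence in `try { … } finally { if (results != null) results.close(); }`, as the rolesSearch hunk does, covers every exit and makes the explicit close before the no-match throw in the previous hunk (`@@ -353,6 +375,7 @@`) unnecessary. bindDNAuthentication starts and ends outside these hunks.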
@@ -387,57 +411,65 @@
{
Object[] filterArgs = {user, userDN};
NamingEnumeration results = ctx.search(rolesCtxDN, roleFilter, filterArgs, constraints);
- while (results.hasMore())
+ try
{
- SearchResult sr = (SearchResult) results.next();
- String dn = sr.getName() + "," + rolesCtxDN;
- String[] attrNames = {roleAttributeID};
- Attributes result = ctx.getAttributes(dn, attrNames);
- if( result != null && result.size() > 0 )
- {
- Attribute roles = result.get(roleAttributeID);
- for (int n = 0; n < roles.size(); n ++)
- {
- String roleName = (String) roles.get(n);
- try
- {
- if (roleAttributeIsDN)
- {
- // Query the roleDN location for the value of roleNameAttributeID
- String roleDN = roleName;
- String[] returnAttribute = {roleNameAttributeID};
- log.trace("Using roleDN: " + roleDN);
- try
- {
- result = ctx.getAttributes(roleDN, returnAttribute);
- if (result.get(roleNameAttributeID) != null)
- {
- roleName = result.get(roleNameAttributeID).get().toString();
- }
- }
- catch (NamingException e)
- {
- log.trace("Failed to query roleNameAttrName", e);
- }
- }
-
- Principal p = super.createIdentity(roleName);
- log.trace("Assign user to role " + roleName);
- userRoles.addMember(p);
- }
- catch (Exception e)
- {
- log.debug("Failed to create principal: " + roleName, e);
- }
- }
- }
-
- if (nesting < recursionMax)
- {
- rolesSearch(ctx, constraints, user, dn,
- recursionMax, nesting + 1);
- }
+ while (results.hasMore())
+ {
+ SearchResult sr = (SearchResult) results.next();
+ String dn = canonicalize(sr.getName());
+ String[] attrNames = {roleAttributeID};
+ Attributes result = ctx.getAttributes(dn, attrNames);
+ if( result != null && result.size() > 0 )
+ {
+ Attribute roles = result.get(roleAttributeID);
+ for (int n = 0; n < roles.size(); n ++)
+ {
+ String roleName = (String) roles.get(n);
+ try
+ {
+ if (roleAttributeIsDN)
+ {
+ // Query the roleDN location for the value of roleNameAttributeID
+ String roleDN = roleName;
+ String[] returnAttribute = {roleNameAttributeID};
+ log.trace("Using roleDN: " + roleDN);
+ try
+ {
+ result = ctx.getAttributes(roleDN, returnAttribute);
+ if (result.get(roleNameAttributeID) != null)
+ {
+ roleName = result.get(roleNameAttributeID).get().toString();
+ }
+ }
+ catch (NamingException e)
+ {
+ log.trace("Failed to query roleNameAttrName", e);
+ }
+ }
+
+ Principal p = super.createIdentity(roleName);
+ log.trace("Assign user to role " + roleName);
+ userRoles.addMember(p);
+ }
+ catch (Exception e)
+ {
+ log.debug("Failed to create principal: " + roleName, e);
+ }
+ }
+ }
+
+ if (nesting < recursionMax)
+ {
+ rolesSearch(ctx, constraints, user, dn,
+ recursionMax, nesting + 1);
+ }
+ }
}
+ finally
+ {
+ if( results != null )
+ results.close();
+ }
}
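Review bot: `String dn = canonicalize(sr.getName());` appends rolesCtxDN unconditionally, but `SearchResult.getName()` is relative to the search base only when `sr.isRelative()` is true; for a referral result it holds a full URL, and the concatenated `dn` then passed to `ctx.getAttributes(dn, attrNames)` and to the recursive `rolesSearch` call is malformed. Whether this deployment's directory returns referrals during the role search is not visible here, but the bindDNAuthentication path already distinguishes that case (its "Can't follow referal" message), so the same distinction seems warranted: `String dn = sr.isRelative() ? canonicalize(sr.getName()) : sr.getName();`, or skip non-relative entries with a trace log. The method's signature is outside this hunk; only its body is visible.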
@@ -467,10 +499,41 @@
providerURL = "ldap://localhost:" + ((protocol != null && protocol.equals("ssl")) ? "636" : "389");
env.setProperty(Context.PROVIDER_URL, providerURL);
- env.setProperty(Context.SECURITY_PRINCIPAL, dn);
- env.put(Context.SECURITY_CREDENTIALS, credential);
- super.log.trace("Logging into LDAP server, env=" + env);
+ // JBAS-3555, allow anonymous login with no bindDN and bindCredential
+ if (dn != null)
+ env.setProperty(Context.SECURITY_PRINCIPAL, dn);
+ if (credential != null)
+ env.put(Context.SECURITY_CREDENTIALS, credential);
+ traceLdapEnv(env);
return new InitialLdapContext(env, null);
}
-
+
+ private void traceLdapEnv(Properties env)
+ {
+ if(trace)
+ {
+ Properties tmp = new Properties();
+ tmp.putAll(env);
+ tmp.setProperty(Context.SECURITY_CREDENTIALS, "***");
+ log.trace("Logging into LDAP server, env=" + tmp.toString());
+ }
+ }
+
+ //JBAS-3438 : Handle "/" correctly
+ private String canonicalize(String searchResult)
+ {
+ String result = searchResult;
+ int len = searchResult.length();
+
+ if (searchResult.endsWith("\""))
+ {
+ result = searchResult.substring(0,len - 1)
+ + "," + rolesCtxDN + "\"";
+ }
+ else
+ {
+ result = searchResult + "," + rolesCtxDN;
+ }
+ return result;
+ }
}
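Review bot: The new `if (credential != null)` guard in constructInitialLdapContext applies to every caller, including the user-authentication bind `constructInitialLdapContext(userDN, credential)` in bindDNAuthentication, so a null credential there now yields a bind with a principal but no password; an LDAP server treats that as an unauthenticated bind that succeeds without verifying anything, which would allow a login with no password unless the caller rejects empty credentials first. I cannot see whether login() or bindDNAuthentication already validates the credential, so this needs confirming; if it does not, the JBAS-3555 allowance should be restricted to the admin bind, e.g. by having bindDNAuthentication reject a null or empty credential before calling constructInitialLdapContext. As a minor style point, `String result = searchResult;` in canonicalize is a dead initializer since both branches assign `result`; declaring it in the branches or returning directly from each branch reads more clearly.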