[jboss-cvs] JBossAS SVN: r102474 - projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Mar 16 14:14:57 EDT 2010
Author: mmoyses
Date: 2010-03-16 14:14:56 -0400 (Tue, 16 Mar 2010)
New Revision: 102474
Modified:
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java
Log:
SECURITY-458: workaround for DNs with special characters
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java 2010-03-16 17:54:06 UTC (rev 102473)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java 2010-03-16 18:14:56 UTC (rev 102474)
@@ -168,6 +168,8 @@
private static final String SEARCH_SCOPE_OPT = "searchScope";
private static final String SECURITY_DOMAIN_OPT = "jaasSecurityDomain";
+
+ private static final String DISTINGUISHED_NAME_ATTRIBUTE_OPT = "distinguishedNameAttribute";
protected String bindDN;
@@ -193,6 +195,8 @@
protected int searchScope = SearchControls.SUBTREE_SCOPE;
+ protected String distinguishedNameAttribute;
+
// simple flag to indicate is the validatePassword method was called
protected boolean isPasswordValidated = false;
@@ -384,6 +388,10 @@
searchScope = SearchControls.ONELEVEL_SCOPE;
if ("SUBTREE_SCOPE".equalsIgnoreCase(scope))
searchScope = SearchControls.SUBTREE_SCOPE;
+
+ distinguishedNameAttribute = (String) options.get(DISTINGUISHED_NAME_ATTRIBUTE_OPT);
+ if (distinguishedNameAttribute == null)
+ distinguishedNameAttribute = "distinguishedName";
// Get the admin context for searching
InitialLdapContext ctx = null;
@@ -425,6 +433,9 @@
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
constraints.setReturningAttributes(new String[0]);
constraints.setTimeLimit(searchTimeLimit);
+
+ String attrList[] = {distinguishedNameAttribute};
+ constraints.setReturningAttributes(attrList);
NamingEnumeration results = null;
@@ -439,10 +450,22 @@
SearchResult sr = (SearchResult) results.next();
String name = sr.getName();
String userDN = null;
- if (sr.isRelative() == true)
- userDN = name + ("".equals(baseDN) ? "" : "," + baseDN);
- else
- throw new NamingException("Can't follow referal for authentication: " + name);
+ Attributes attrs = sr.getAttributes();
+ if (attrs != null)
+ {
+ Attribute dn = attrs.get(distinguishedNameAttribute);
+ if (dn != null)
+ {
+ userDN = (String) dn.get();
+ }
+ }
+ if (userDN == null)
+ {
+ if (sr.isRelative() == true)
+ userDN = name + ("".equals(baseDN) ? "" : "," + baseDN);
+ else
+ throw new NamingException("Can't follow referal for authentication: " + name);
+ }
results.close();
results = null;
More information about the jboss-cvs-commits
mailing list