[jboss-cvs] JBossAS SVN: r102481 - branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/auth/spi.

[jboss-cvs-commits at lists.jboss.org]

Author: mmoyses
Date: 2010-03-16 14:47:49 -0400 (Tue, 16 Mar 2010)
New Revision: 102481

Modified:
   branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java
Log:
JBPAPP-3792: workaround for DNs with special characters

Modified: branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java	2010-03-16 18:45:37 UTC (rev 102480)
+++ branches/JBPAPP_4_2_0_GA_CP/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java	2010-03-16 18:47:49 UTC (rev 102481)
@@ -158,6 +158,7 @@
    private static final String SEARCH_TIME_LIMIT_OPT = "searchTimeLimit";
    private static final String SEARCH_SCOPE_OPT = "searchScope";
    private static final String SECURITY_DOMAIN_OPT = "jaasSecurityDomain";
+   private static final String DISTINGUISHED_NAME_ATTRIBUTE_OPT = "distinguishedNameAttribute";
 
    protected String bindDN;
    protected String bindCredential;
@@ -174,6 +175,7 @@
    protected int searchScope = SearchControls.SUBTREE_SCOPE;
    protected boolean trace;
    protected boolean isPasswordValidated = false;
+   protected String distinguishedNameAttribute;
 
    public LdapExtLoginModule()
    {
@@ -366,6 +368,10 @@
       if ("SUBTREE_SCOPE".equalsIgnoreCase(scope))
          searchScope = SearchControls.SUBTREE_SCOPE;
 
+      distinguishedNameAttribute = (String) options.get(DISTINGUISHED_NAME_ATTRIBUTE_OPT);
+      if (distinguishedNameAttribute == null)
+          distinguishedNameAttribute = "distinguishedName";
+
       // Get the admin context for searching
       InitialLdapContext ctx = null;
       try
@@ -407,6 +413,9 @@
       constraints.setReturningAttributes(new String[0]);
       constraints.setTimeLimit(searchTimeLimit);
 
+      String attrList[] = {distinguishedNameAttribute};
+      constraints.setReturningAttributes(attrList);
+
       NamingEnumeration results = null;
 
 
@@ -421,10 +430,22 @@
       SearchResult sr = (SearchResult) results.next();
       String name = sr.getName();
       String userDN = null;
-      if (sr.isRelative() == true)
-         userDN = name + ("".equals(baseDN) ? "" : "," + baseDN);
-      else
-         throw new NamingException("Can't follow referal for authentication: " + name);
+      Attributes attrs = sr.getAttributes();
+      if (attrs != null)
+      {
+          Attribute dn = attrs.get(distinguishedNameAttribute);
+          if (dn != null)
+          {
+                  userDN = (String) dn.get();
+          }
+      }
+      if (userDN == null)
+      {
+          if (sr.isRelative() == true)
+                  userDN = name + ("".equals(baseDN) ? "" : "," + baseDN);
+          else
+                  throw new NamingException("Can't follow referal for authentication: " + name);
+      }
 
       results.close();
       results = null;