Author: shane.bryzak(a)jboss.com
Date: 2008-10-24 03:56:29 -0400 (Fri, 24 Oct 2008)
New Revision: 9408
Modified:
trunk/src/main/org/jboss/seam/security/management/LdapIdentityStore.java
Log:
JBSEAM-3552
Modified: trunk/src/main/org/jboss/seam/security/management/LdapIdentityStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/LdapIdentityStore.java 2008-10-24
06:44:38 UTC (rev 9407)
+++ trunk/src/main/org/jboss/seam/security/management/LdapIdentityStore.java 2008-10-24
07:56:29 UTC (rev 9408)
@@ -597,8 +597,53 @@
{
ctx = initialiseContext();
+ // Delete the role entry itself
String roleDN = String.format("%s=%s,%s", getRoleNameAttribute(),
role, getRoleContextDN() );
ctx.destroySubcontext(roleDN);
+
+ // Then delete all user attributes that point to this role
+ int searchScope = SearchControls.SUBTREE_SCOPE;
+ int searchTimeLimit = 10000;
+
+ String[] roleAttr = { getUserRoleAttribute() };
+
+ SearchControls controls = new SearchControls();
+ controls.setSearchScope(searchScope);
+ controls.setReturningAttributes(roleAttr);
+ controls.setTimeLimit(searchTimeLimit);
+
+ StringBuilder roleFilter = new StringBuilder();
+ Object[] filterArgs = new Object[getUserObjectClasses().length + 1];
+ filterArgs[0] = roleDN;
+
+ roleFilter.append("(&(");
+ roleFilter.append(getUserRoleAttribute());
+ roleFilter.append("={0})");
+
+ for (int i = 0; i < getUserObjectClasses().length; i++)
+ {
+ roleFilter.append("(");
+ roleFilter.append(getObjectClassAttribute());
+ roleFilter.append("={");
+ roleFilter.append(i + 1);
+ roleFilter.append("})");
+ filterArgs[i + 1] = getUserObjectClasses()[i];
+ }
+
+ roleFilter.append(")");
+
+ NamingEnumeration answer = ctx.search(getUserContextDN(), roleFilter.toString(),
filterArgs, controls);
+ while (answer.hasMore())
+ {
+ SearchResult sr = (SearchResult) answer.next();
+ Attributes attrs = sr.getAttributes();
+ Attribute user = attrs.get( getUserRoleAttribute() );
+ user.remove(roleDN);
+ ctx.modifyAttributes(sr.getNameInNamespace(), new ModificationItem[] {
+ new ModificationItem(DirContext.REPLACE_ATTRIBUTE, user)});
+ }
+ answer.close();
+
return true;
}
catch (NamingException ex)
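Review bot: The role entry is destroyed before the user references to it are cleaned up, so a NamingException from the search or from `modifyAttributes` (including an overrun of the 10000 ms time limit set on the controls) leaves the role deleted while some users still carry its DN in their role attribute. If a role with the same name is created later, those users would appear to hold it again; removing the references first and calling `destroySubcontext(roleDN)` last keeps a failed run retryable. The loop also writes back the whole attribute it read using `REPLACE_ATTRIBUTE`, which can overwrite a role change made to the same user in between, and `attrs.get(...)` would return null if the directory does not return that attribute to this bind; a `REMOVE_ATTRIBUTE` modification carrying only `roleDN` (via `javax.naming.directory.BasicAttribute`) avoids both. `answer.close()` is skipped on any exception and belongs in a `finally`. The enclosing try starts above the hunk and its catch handler continues below it, so how a failure is reported to the caller is not visible here.

```java
// … unchanged: roleDN construction, SearchControls setup, roleFilter / filterArgs construction …
NamingEnumeration answer = ctx.search(getUserContextDN(), roleFilter.toString(), filterArgs, controls);
try
{
   while (answer.hasMore())
   {
      SearchResult sr = (SearchResult) answer.next();
      // Remove only this role's value so the user's other role values are never rewritten
      ctx.modifyAttributes(sr.getNameInNamespace(), new ModificationItem[] {
         new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
            new BasicAttribute(getUserRoleAttribute(), roleDN))});
   }
}
finally
{
   answer.close();
}

// Delete the role entry only after every reference to it has been removed
ctx.destroySubcontext(roleDN);
return true;
```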